On 25 May 2018, the EU Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) entered into force.
GDPR – WHAT IS ALL THE COMMOTION ABOUT?
Purpose: harmonising the rules in force in various EU countries and increasing the scope of protection of the rights of individuals whose personal data are processed.
The Regulation and the accompanying national legislation have fundamentally changed the data protection rules and impose new obligations on entrepreneurs.
Let's check if you also need GDPR support!
LACK OF FULL COMPLIANCE WITH THE GDPR MAY BE A SERIOUS PROBLEM FOR ENTREPRENEURS
For the vast majority of Polish companies (76%), there is a real risk of not being fully compliant with the GDPR.
An infringement exposes an undertaking to a fine of up to EUR 20 million or 4% of its annual worldwide turnover.
What are the risks of non-compliance with the GDPR provisions?
The maximum amount of the administrative fine shall be EUR 20 000 000 or, in the case of an undertaking, 4% of its total annual worldwide turnover in the preceding business year, whichever is higher (Art. 83 of the GDPR).
Any person who has suffered material or non-material damage as a result of a breach of the GDPR provisions has the right to obtain compensation for the damage suffered from the controller or the processor.
Each controller participating in the processing is responsible for damage caused by illegal processing (Art. 82 of the GDPR).
Whoever – without a legal basis – processes data referred to in Art. 9 of the GDPR shall be subject to a fine, penalty of restriction of liberty or imprisonment for up to one year (Articles 89-90 of the draft Personal Data Protection Act).
Whoever thwarts or obstructs the controller carrying out the control of compliance with the personal data protection regulations, shall be subject to a fine.
Introduce the appropriate security policy in your organization.
PERSONAL DATA - WHAT IS IT?
Information about an identified or identifiable individual.
An identifiable individual is a person who can be directly or indirectly identified, e.g. by an identifier such as first name and surname, identification number (client number), PESEL number, location data, online ID, etc. (Art. 3 of the GDPR).
We can act as a Personal Data Inspector in your company.
THE GDPR IS A "PROBLEM" WHICH IS NOT EXCLUSIVE TO LEGAL DEPARTMENTS.
It also applies to human resources and payroll departments, departments that handle contact with contractors (including sales and customer service), IT departments and programmers cooperating with the company, and departments that archive documentation and other data.
As a data controller you are also liable for acts and omissions of persons to whom you have provided personal data in any way and on any basis!