The General Data Protection Regulation No. 2016/679 (Regulation) comes into effect on May 25, 2018 in the entire EU.
This means more flexibility for your business. No more data processing notifications to the supervisory authority. Companies belonging to an international corporate group will be able to benefit from the one-stop shop supervisory mechanism. Self-assessment of data processing risks will be allowed and security measures will be freely and individually chosen. Data privacy compliance could be demonstrated by undertaking to observe an industry code of conduct or with a certificate issued by a certification institution, etc.
On the other hand, the new Regulation subjects data processing compliance to significantly increased liability, risk management and self-assessment obligations. It introduces new obligations to document personal data processing and to prove compliance. Next year we will definitely witness an active supervisory authority employing its newly granted powers. We will also see frequent occasions when clients and employees exercise their expanded rights. No doubt, sanctions will soon start to increase.
Our review of essential changes determined by the Regulation can be found here.
Recommendations for businesses:
- Assess the scope of application of the Regulation to your company without delay;
- Prepare an accurate plan for implementing the regulatory changes, outlining it for the remaining 9 months;
- Don’t forget to update data processing documentation with solutions necessary for your business, clients (data subjects) and employees;
- Review main internal policies;
- Create new mandatory data processing procedures, in particular ensuring the proper fulfilment of data subject rights;
- Update your knowledge in the field of personal data processing;
- Exploit self-regulation, limitation of liability, the one-stop shop mechanism and other options introduced by the Regulation.
Law firm Venckute&Karnickas may assist your efforts to implement the Regulation:
- We train data protection officers, managers and employees directly responsible for data processing on data protection matters;
- We provide external data protection officer services;
- We audit data processing activities and determine the level of compliance with the Regulation;
- We prepare an individual action plan for your company to implement the Regulation;
- We prepare personal data processing documentation and other necessary policies (processing of video data, information security, privacy and cookies);
- We prepare consents, notifications, data processing and transfer agreements;
- We update internal template data processing documents;
- We consult on how to apply the new Regulation to the needs of your company;
- We provide solutions on how to protect your business from new data processing risks.