What is GDPR and how does it affect you?
As of 25th May 2018, the European Parliament’s General Data Protection Regulation (GDPR) will apply in all EU countries. The GDPR does not invalidate previous requirements regarding personal data processing, but adds additional rules and obligations. The aim of the GDPR is to ensure better protection of natural persons’ data by giving persons more control over their data. The GDPR applies to very many companies, which have data regarding natural persons (including clients, employees).
What are the main changes?
- The „right to be forgotten“will be written into legislation and does not stem from the court practice alone anymore;
- Data portability – personal data should be accessible for the persons and also it should be portable;
- Person’s consent is not for ever – more stricter rules are set forth in case the personal data is processed with persons consent;
- Obligation to appoint data protection officer – the need to appoint one will be determined with an audit;
- Authorizing others to process the personal data – more stricter rules and the person offering the service is in accordance with data protection rules;
- Data protection principles – data protection principles should be followed, so that data security is assured in every process.
Author:
KATRIN SARAP
Attorney at law, Partner
Direct: (+372) 66 76 451
Mobile: (+372) 56 63 33 02
ks@njordlaw.ee