General Data Protection Regulation (GDPR)
The task of managing data is becoming increasingly complex for individuals and companies alike. The General Data Protection Regulation (GDPR) came into effect across the European Union on 25 May 2018, changing the way companies around the world collect and handle personal data. The Polish Law on the Protection of Personal Data dated 10 May 2018 also came into effect on 25 May 2018.
GDPR significantly increases the rights of UE citizens to access their data electronically, to have it corrected or deleted and to scrutinise data processing. The penalties for non-compliance have also risen sharply, requiring proper judgement and design to be applied to data collection and rapid notification if data is lost. So far, the fines for non-compliance were trivial but from May 2018 – the fines will be really significant (4% of the annual turnover or up to Eur 20 m).
We advise our clients on how best to achieve their strategic objectives whilst complying with this evolving regulatory regime. We can highlight gaps in compliance and explain how to implement the policies and procedures needed, as well as dealing with any incidents that may occur while processing personal data.
Our team comprises data protection experts as well as non-lawyer cyber security specialists, allowing us to give the full spectrum of advice. The GDPR introduces both process and technology changes that we can guide our clients through, from the initial data audit and ongoing compliance to industry standard benchmarking techniques.
Please see also our brochure.