In 2016, the European Parliament and the Council enacted Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as the GDPR. In summary, the new European General Data Protection Regulation (GDPR) brings additional safety requirements and obligations for businesses that process personal data belonging to EU citizens. More details about what this implies, and how we can help you, may be found below.
GDPR affects all businesses (both EU and non-EU companies) that offer products or services to EU customers and comes into force on the 25th of May 2018. The main aspects that data processors must be aware of include, among others:
GDPR applies to all EU companies acting as data controllers and processors, as well as all companies handling the personal data of EU citizens.
The controller must be able to demonstrate that the consent for personal data processing has been granted via a statement or a clear affirmative action.
EU citizens have the right to be forgotten (to have their data erased upon request), the right to data portability (to require the transfer of their data to another company) and the right to object to profiling (decisions based on automated processing).
A Data Protection Officer (DPO) must normally be appointed if the company conducts large scale systematic monitoring or processes large amounts of sensitive personal data.
Companies have an obligation to implement appropriate technical and organizational measures, such as pseudonymisation, an obligation to keep track of processing activities, and an obligation to notify any breach of personal data no later than 72 hours from the time of detection.
The transfer of personal data outside the EU and the EEA may only be done in compliance with the conditions for transfer set out in Chapter V of the GDPR and based on the Commission’s decision.
Infringement(s) of these fundamental principles may result in sanctions of up to EUR 20 million, or 4% of the total annual turnover of the preceding year – whichever is higher.
Considering the high sanctions and the limited time that businesses have to ensure that all legal and technical aspects are covered, it is important to pick the right professional partner. Our international legal and corporate advisors are ready to help you identify how GDPR impacts your company and support you in the following areas: