New Data Protection provisions in all EU countries, starting May 2018 | News Flash

28 Apr 2017


 

EU data protection legislation was modified in May 2016, and Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data will be directly applicable in all EU countries starting May 25th 2018.

What are the main changes introduced by the EU Regulation?

The new regulation is broader in scope, covering cases in which personal data are processed by companies not established in the EU.

Regardless of whether you are based in or outside the EU, this law affects you.

In order to ensure that natural persons are not deprived of the protection to which they are entitled under this Regulation, the processing of personal data of data subjects who are in the EU, by a controller or a processor not established in the EU, should be subject to the Regulation, where the processing activities are related to offering goods or services to such data subjects, irrespective of whether connected to a payment.

In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the EU, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the EU.

Whereas the mere accessibility of the controller’s, processor’s or an intermediary’s website in the EU, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States, with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the EU, may make it apparent that the controller envisages offering goods or services to data subjects in the EU.

Clarifying the notion of “consent”

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.

New obligations for data processors

  • The obligation to implement appropriate technical and organizational measures, such as pseudonymisation, to ensure data protection both when determining the means of processing and during the processing itself
  • The obligation to keep records of processing activities
  • The obligation to notify any personal data breach to the relevant supervisor no later than 72 hours from the date of becoming aware of such a violation
  • The obligation, in certain circumstances, to appoint a Data Protection Officer

The “Right to be forgotten”

A data subject should have the right to have personal data concerning him or her rectified and a “right to be forgotten” where the retention of such data infringes this Regulation or EU or Member State law to which the controller is subject. In particular, a data subject should have the right to have his or her personal data erased and no longer processed where the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed, where a data subject has withdrawn his or her consent or objects to the processing of personal data concerning him or her, or where the processing of his or her personal data does not otherwise comply with this Regulation.

That right is relevant in particular where the data subject has given his or her consent as a child and is not fully aware of the risks involved by the processing, and later wants to remove such personal data, especially on the internet. The data subject should be able to exercise that right notwithstanding the fact that he or she is no longer a child.

However, the further retention of the personal data should be lawful where it is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defense of legal claims.

Binding corporate rules

Moreover, a group of undertakings, or a group of enterprises engaged in a joint economic activity, should be able to make use of approved binding corporate rules for its international transfers from the EU to organizations within the same group of undertakings, or group of enterprises engaged in a joint economic activity, provided that such corporate rules include all essential principles and enforceable rights to ensure appropriate safeguards for transfers or categories of transfers of personal data.

Significant tightening of sanctions:

  • EUR 10 000 000 or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher
  • EUR 20 000 or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

 

Do you need support regarding the new Data Protection Regulation? Contact us!

 

Contact:

Andreea Manolache | Senior Associate | Andreea.Manolache@accace.com

 

