Protection Regulation (hereinafter – GDPR) applicable for more than a year contributed
to innovations in a daily business activity. Companies implemented technical
and organizational measures and new policies, related to processing of personal
data, reviewed processes of personal data processing. However, question comes whether
all companies performed required actions?
On May 2019 Data
Protection Inspectorate (hereinafter – DPI) issued a fine equal to EUR 61.500
for the breaches of GDPR. DPI discovered breaches of three articles of GDPR. The
completed investigation showed crucial position of DPI - companies shall not
only to prepare required documentation but also strictly respect the
rules set out in the policies.
fines were also issued in other countries, i.e. in French, Spain, Germany,
Poland, Austria, Bulgaria, Cyprus and Malta.
Although it is emphasized that issuance of the fines is not a priority of supervisory authority, nevertheless the companies which made no actions to implement GDPR requirements shall consider potential consequences.
Further You can
see what essential actions companies shall undertake to avoid fines related to
1. To perform internal audit on what type of personal data is processed, how and for what period this personal data is being kept. Moreover, to analyse whether personal data is processed under appropriate purposes and also to identify whether ground of processing is legal.
2. To prepare internal documents, e.g.:
· Personal data processing policy;
· Agreement with the data processor;
· Declaration of confidentiality;
· Procedure for responding to requests from data subjects;
· Procedure for responding to personal data security breaches;
· Procedure for evaluation of impact to personal data;
· Records of data processing activities;
· In case the company’s territory or premises are monitored by surveillance cameras –documentation related to video surveillance also needs to be prepared.
3. To inform employees about implemented internal rules/ policies and to perform periodical maintenance due to compliance of the procedures.
In case all aforementioned procedures are introduced, the company can calmly wait for any investigation of DPI which are organized more often each year.
Please be informed that Leinonen team can help You to prepare documents related to implementation of GDPR requirements as well as to provide related legal comments.
Information was prepared by Leinonen Lithuania Legal Team.
We will send you articles keeping you up to date with the latest trends and developments in accounting, taxation or legal fields.