From May 25, the General Regulation on Personal Data Protection (GDPR) will come into force on the territory of the European Union.
What Ukrainian companies may fall under the new regulations?
· companies that sell their goods or services to physical persons in the EU (online stores, tour operators, transport companies, etc.).
· companies that gain access to personal data of consumers in the EU in the process of activity (financial, telecom companies, IT outsourcing companies, etc.);
· companies that track behavior or do the monitoring of behavior of EU citizens (for example, it deals with cookie-files).
· companies that carry out marketing research covering consumers in the EU.
Legally, the GDPR is an act by which the European Parliament, the Council of the European Union and the European Commission strengthen and unify the protection of personal data of all persons in the EU. It enters into force after a two-year transitional period, does not require EU governments to make any changes to local laws, as it is directly binding.
The main purpose of GDPR is to guarantee the protection of personal data of EU citizens without reference to the territory in which they are stored. Therefore, the main requirement for companies working with the data of EU citizens is to protect the confidentiality of these data reliably. The document does not oblige the company to implement any specific methods and methods of data protection - they themselves choose the security system.
The new regulation provides:
· availability representative in the European Union, which should express its interest in the interaction with the regulator (if an investigation, and no such representative, it will be an aggravating circumstance for the company);
· the subject of personal data may withdraw their consent for their use; for each separate use of data there must be a separate agreement, the general documents are invalidated;
· consent of minors must be supported by consent of parents;
· the company is obliged to inform the regulator about the hacking events within 72 hours;
For violators, fines are imposed, authorities for assigning specific amounts are transferred to the authorities of the EU member states. The maximum penalty is EUR 20 million or 4% of annual income.
Experts note that GDPR is a rather complicated regulation. But given today's increased interest in the subject of personal data protection, the implementation of GDPR can be a competitive advantage for business. This step will position itself as a supporter of the advanced approach to the storage and processing of personal data of clients.
We strongly recommend that you advance your business to the high standards of the GDPR.
We also would like to inform our clients and partners that Leinonen Group has taken all necessary measures to match the GDPR requirements and takes care of the protection of personal data.