What are the threats and benefits of GDPR?

From May 25, the General Regulation on Personal Data Protection (GDPR) will come into force on the territory of the European Union.

What Ukrainian companies may fall under the new regulations?

·       companies that sell their goods or services to physical persons in the EU (online stores, tour operators, transport companies, etc.).

·       companies that gain access to personal data of consumers in the EU in the process of activity (financial, telecom companies, IT outsourcing companies, etc.);

·       companies that track behavior or do the monitoring of behavior of  EU citizens (for example, it deals with cookie-files).

·       companies that carry out marketing research covering consumers in the EU.

Legally, the GDPR is an act by which the European Parliament, the Council of the European Union and the European Commission strengthen and unify the protection of personal data of all persons in the EU. It enters into force after a two-year transitional period, does not require EU governments to make any changes to local laws, as it is directly binding.

The main purpose of GDPR is to guarantee the protection of personal data of EU citizens without reference to the territory in which they are stored. Therefore, the main requirement for companies working with the data of EU citizens is to protect the confidentiality of these data reliably. The document does not oblige the company to implement any specific methods and methods of data protection – they themselves choose the security system.

The new regulation provides:

·       availability representative in the European Union, which should express its interest in the interaction with the regulator (if an investigation, and no such representative, it will be an aggravating circumstance for the company);

·       the subject of personal data may withdraw their consent for their use; for each separate use of data there must be a separate agreement, the general documents are invalidated;

·       consent of minors must be supported by consent of parents;

·       the company is obliged to inform the regulator about the hacking events within 72 hours;

etc.

For violators, fines are imposed, authorities for assigning specific amounts are transferred to the authorities of the EU member states. The maximum penalty is EUR 20 million or 4% of annual income.

Experts note that GDPR is a rather complicated regulation. But given today’s increased interest in the subject of personal data protection, the implementation of GDPR can be a competitive advantage for business. This step will position itself as a supporter of the advanced approach to the storage and processing of personal data of clients.

We strongly recommend that you advance your business to the high standards of the GDPR.

We also would like to inform our clients and partners that Leinonen Group has taken all necessary measures to match the GDPR requirements and takes care of the protection of personal data.

Recent Posts

Ukraine to Implement Tax Increases Starting December 1, 2024 - Leinonen
December 10, 2024

Ukraine to Implement Tax Increases Starting December 1, 2024

Ukraine’s new tax reform law, officially titled the “Law of Ukraine on Amendments to the Tax Code of Ukraine on Features of Taxation During Martial…

Continue reading
October 30, 2024

Taxation in Ukraine Changes Affecting Payroll Taxation

As companies adapt to new taxation measures introduced in Ukraine, they must account for significant changes in tax regulations, impacting accounting and payroll processes. The…

Continue reading
September 16, 2024

From September 1st, Inaccurate Information on Ultimate Beneficial Owners in the Unified State Register Will Be Fined

The Ministry of Justice reminds that the Law of Ukraine “On Prevention and Counteraction to Legalization (Laundering) of Proceeds of Crime, Financing of Terrorism, and…

Continue reading