New European Rules on Data Protection – GDPR

The General Data Protection Regulation (“GDPR”) is the new European data privacy regulation, which comes into force in less than eight ten months on 25 May 2018.

Does your business process any personal data such as names, birth dates, photos, email addresses, social network profiles, location details, computer IP addresses biometric or other sensitive data?

If the answer is “YES”, GDPR compliance shall be placed at the top of your agenda, as it applies to you regardless of whether such data processing takes place within or outside EU. Ahead of 25 May 2018, all organisations are strongly encouraged to review their data protection policies to ensure their compliance with GDPR.

GDPR will be directly applicable in all EU Member states. Nevertheless, each member state may modify certain clauses or even adopt more restrictive measures in certain areas. The Slovak Data Protection Authority (DPA) took this advantage and in June 2017 introduced a brand-new Personal Data Protection Act, which shall replace the current legislation. The proposal of the new act is strongly discussed by wider public.

The GDPR and the new Slovak Personal Data Protection Act imposes wide range of requirements on controllers and processors. Your organisation shall be prepared that it is the person who´s personal data are processed, who shall be on the driver´s seat.

GDPR penalties for non-compliance will be substantial. A failure to comply with the new rules may lead to fines amounting to €20 million or 4% of global annual turnover for the preceding year. The new Slovak Act will also adopt these penalties. Of course, we are closely monitoring the process of implementation of the new Slovak Data Protection Act and will keep you updated.