
Personal data protection

As of 25 May 2018, the provisions of the General Data Protection Regulation (GDPR) are in force. These apply directly in all EU and EEA (European Economic Area) countries, and entities are required to incorporate them into their procedures, terms and conditions and company policies. 

Data protection

The complexity of the subject matter and the multi-layered technical, organisational and legal measures present businesses with a serious challenge to properly process and protect personal data. Counterclaims and the risk of huge penalties in case of a possible failure to do so determine the need for professional assistance in handling such information.

KGK's dedicated team, whose experience and expertise provide comprehensive legal solutions for the protection of personal data, is at the service of businesses that need to comply with this regulation. Here is a brief overview of what the required data protection involves.

What is personal data?

Any information relating to an individual (data subject), such as names, addresses, email addresses, identification numbers, current location data and online identifiers, falls under sensitive information in the Regulation. To put it more clearly, not only your SSN and ID number are protected by GDPR, but also your gender, ethnicity, religion, philosophical and political beliefs, email address, IP address, phone number and a number of other data that could help identify you as a person/individual.

How does personal information get into a company's database?

When it comes to protecting personal data, the general public is left with the impression that every detail of their information on the internet is vulnerable to malicious intrusion. But this is only the "tip of the iceberg". By the time your customer fills in a delivery form in your store, dictates their name and contact number to you, or sends an enquiry on your website, you already find yourself in some GDPR situation where you have one type of personal data or another.

The General Data Protection Regulation also gives rise to your obligations to inform customers what information is collected and for what purpose, to store, update, protect and provide it to the individual or to third parties, and to erase it when necessary. And if things sound complicated so far, let us mention that a person may request the deletion of all the information your company holds about them, while at the same time you may be obliged by another legal act to retain it for a certain period of time (for accounting purposes, for example). This seemingly confusing contradiction has a clear legal framework and mechanisms, and you can always consult our specialists to clarify them.

Who should collect and protect personal data?

According to the General Data Protection Regulation, information is stored and protected with appropriate technical and organisational measures that guarantee a level of security proportionate to the risk. The role of the "responsible person" may be entrusted to an employee, to the manager/owner of the company or to a specially appointed person, but every worker who has access to the sensitive information should have received instruction in personal data protection practices.

As we have already mentioned, the disparate mechanisms for collecting and protecting personal data require the coordinated integration of several types of measures. These are broadly technical and organisational.

The former include encryption, access control, updates and software protection of personal data, anonymisation of information and regular security testing.

Organizational measures in any company include adequately developed Terms and Conditions, a comprehensive policy for physical and digital protection of personal data, initial and follow-up employee training, minimization of data collection, storage and handling rules, and an incident/breach response plan.

Whether you have yet to set up a company or the time has come to get up to speed with GDPR regulations, KGK's Data Protection team is ready to advise and assist you in all aspects of data protection procedures.

Why trust KGK for data protection?

Responsible protection of personal data makes the online space a much safer place for both customers and merchants. The combined efforts of the entire legislative apparatus are focused on strict regulation and control of activities that come into contact with sensitive personal information.

Make sure your company operates flawlessly, inspires confidence in its customers and partners, and complies with current regulatory requirements! KGK will assist in addressing the legal challenges your business may face in the data privacy process, including:

  • Conducting a legal assessment of the company's processes in light of GDPR regulations and national legislation;
  • Preparing gap analysis reports and issuing recommendations and guidance;
  • Preparation of the set of documents to meet each company's specific needs for adequate protection of personal data;
  • Actively communicating and working together with the IT specialists servicing the company, thereby facilitating the introduction of the necessary technical and organizational measures;
  • Providing legal assistance and training to the persons in the company entrusted with the processing and protection of personal data on their respective obligations arising from the provisions of the GDPR.

How can we assist you?

Share your case with us and someone from our team will contact you.

Contact information

Phone: +359 2 423 2273
Email: office@kgk.bg

Address

Sofia 1000, "Tsar Shishman" str., 5B, fl. 2, office KGK Law Firm
