As of 25 May 2018, the provisions of the General Data Protection Regulation (GDPR) are in force. These apply directly in all EU and EEA (European Economic Area) countries, and entities are required to incorporate them into their procedures, terms and conditions and company policies.
The complexity of the subject matter and the multi-layered technical, organisational and legal measures present businesses with a serious challenge to properly process and protect personal data. Counterclaims and the risk of huge penalties in case of a possible failure to do so determine the need for professional assistance in handling such information.
KGK's dedicated team, whose experience and expertise provide comprehensive legal solutions for the protection of personal data at the service of businesses, can provide assistance when compliance with this regulation is required. Here is a brief overview of what the required data protection is.
Any information relating to an individual (data subject), such as names, addresses, email addresses, identification numbers, current location data and online identifiers, falls under sensitive information in the Regulation. To put it more clearly, not only your SSN and ID number are protected by GDPR, but also your gender, ethnicity, religion, philosophical and political beliefs, email address, IP address, phone number and a number of other data that could help identify you as a person/individual.
When it comes to protecting personal data, the general public is left with the impression that every detail of their information on the internet is vulnerable to malicious intrusion. But this is only the "tip of the iceberg". By the time your customer fills in a delivery form in your store, dictates their name and contact number to you, or sends an enquiry on your website, you already find yourself in a GDPR situation where you hold one type of personal data or another.
The General Data Protection Regulation also gives rise to your obligations to inform customers what information is collected and for what purpose, to store, update, protect and provide it to the individual or to third parties, and to erase it when necessary. And if things sound complicated so far, let us mention that a person may request the erasure of all the information your company holds about them, while at the same time you may be obliged by another legal act to retain it for a certain period of time (for accounting purposes, for example). This contradiction, confusing at first glance, has its clear legal frameworks and mechanisms, which our specialists can always clarify for you.
According to the General Data Protection Regulation, information is stored and protected with appropriate technical and organisational measures that guarantee a level of security proportionate to the risk. The role of "responsible person" may be entrusted to an employee, to the manager/owner of the company itself, or to a specially appointed person, but every employee who has access to the sensitive information should have received instruction on personal data protection practices.
As we have already mentioned, the disparate mechanisms for collecting and protecting personal data require the coordinated integration of several types of measures. These are broadly technical and organisational.
The former include encryption, access control, updates and software protection of personal data, anonymisation of information and regular security testing.
Organisational measures in any company include adequately developed Terms and Conditions, a comprehensive policy for physical and digital protection of personal data, initial and follow-up employee training, minimisation of data collection, storage and handling rules, and an incident/breach response plan.
Whether you have yet to set up a company or the time has come to get up to speed with GDPR regulations, KGK's Data Protection team is ready to advise and assist you in all aspects of data protection procedures.
Responsible protection of personal data makes the online space a much safer place for both customers and merchants. The combined efforts of the entire legislative apparatus are focused on strict regulation and control of activities that come into contact with sensitive personal information.
Make sure your company operates flawlessly, inspires confidence in its customers and partners, and complies with current regulatory requirements! KGK will assist in addressing the legal challenges your business may face in the data privacy process, including: