Personal data protection

As of 25 May 2018, the provisions of the General Data Protection Regulation (GDPR) are in force. These apply directly in all EU and EEA (European Economic Area) countries, and entities are required to incorporate them into their procedures, terms and conditions and company policies. 

Data protection

The complexity of the subject matter and the multi-layered technical, organisational and legal measures present businesses with a serious challenge to properly process and protect personal data. Counterclaims and the risk of huge penalties in case of a possible failure to do so determine the need for professional assistance in handling such information.

KGK's teamwith extensive experience and expertise in data protection law, provides comprehensive comprehensive legal solutions to help businesses comply with GDPR requirements. Below is a brief overview of the key aspects of personal data protection.

What is personal data?

Any information relating to an individual (data subject), such as names, addresses, email addresses, identification numbers, current location data and online identifiers, falls under sensitive information in the Regulation. To put it more clearly, not only your SSN and ID number are protected by GDPR, but also your gender, ethnicity, religion, philosophical and political beliefs, email address, IP address, phone number and a number of other data that could help identify you as a person/individual.

How does personal information get into a company's database?

When it comes to protecting personal data, the general public is left with the impression that every detail of their information on the internet is vulnerable to malicious intrusion. But this is only the "tip of the iceberg". By the time your customer fills in a delivery form in your store, dictates you their name and contact number, or sends an enquiry on your website, you already find yourself in some GDPR situation where you have one type of personal data or another.

In some cases, individuals may request that all their personal data be erased. At the same time, businesses may be required by other legislation—such as accounting regulations—to retain certain data for a specific period. Although this may appear contradictory, the legal framework provides clear rules and mechanisms for resolving such situations, and our specialists are always available to guide you through them.

Who should collect and protect personal data?

According to GDPRpersonal data must be stored and protected using appropriate technical and organizational measures that ensure a level of security proportionate to the risks involved. Responsibility for data protection may be assigned to an employee within the organization, the company’s manager or owner, or a specifically appointed Data Protection Officer (DPO). However, every employee who has access to personal data must receive proper training regarding data protection practices and procedures.

What we have already mentioned, the disparate mechanisms for collecting and protecting personal data require the coordinated integration of several types of measures. These are broadly technical and organisational.

The former include encryption, access control, updates and software protection of personal data, anonymisation of information and regular security testing.

Organizational measures in any company include adequately developed Terms and Conditions , a comprehensive policy for physical and digital protection of personal data, initial and follow-up employee training, minimization of data collection, storage and handling rules, and an incident/breach response plan.

Whether you have yet to set up a company or the time has come to get up to speed with GDPR regulations, KGK's Data Protection team is ready to advise and assist you in all aspects of data protection procedures.

Why trust KGK for data protection?

Responsible protection of personal data makes the online space a much safer place for both customers and merchants. The combined efforts of the entire legislative apparatus are focused on strict regulation and control of activities that come into contact with sensitive personal information.

Make sure your company operates flawlessly, inspires confidence in its customers and partners, and complies with current regulatory requirements! KGK will assist in addressing the legal challenges your business may face in the data privacy process, including:

  • Conducting a legal assessment of the company's processes in light of GDPR regulations and national legislation;
  • Preparing gap analysis reports and issuing recommendations and guidance;
  • Preparation of the set of documents to meet each company's specific needs for adequate protection of personal data;
  • Actively communicating and working together with the IT specialists servicing the company, which facilitating in this way the introduction of the necessary technical and organizational measures;
  • Providing legal assistance and training to the persons in the company entrusted with the processing and protection of personal data on their respective obligations arising from the provisions of the GDPR;

How can we assist you?

Share your case with us and someone from our team will contact you.

Contact information

Phone: +359 2 423 2273
Email: office@kgk.bg

Address

Sofia 1000, "Tsar Shishman" str., 5B, fl. 2, office KGK Law Firm