As of 25 May 2018, the provisions of the General Data Protection Regulation (GDPR) are in force. These apply directly in all EU and EEA (European Economic Area) countries, and entities are required to incorporate them into their procedures, terms and conditions and company policies.
The complexity of the subject matter and the multi-layered technical, organisational and legal measures present businesses with a serious challenge to properly process and protect personal data. Counterclaims and the risk of huge penalties for failing to do so make professional assistance in handling such information necessary.
KGK's dedicated team, whose experience and expertise provide businesses with comprehensive legal solutions for the protection of personal data, can assist when compliance with this regulation is required. Here is a brief overview of what the required data protection involves.
Any information relating to an individual (data subject), such as names, addresses, email addresses, identification numbers, current location data and online identifiers, falls under sensitive information in the Regulation. To put it more clearly, not only your SSN and ID number are protected by GDPR, but also your gender, ethnicity, religion, philosophical and political beliefs, email address, IP address, phone number and a number of other data that could help identify you as a person/individual.
When it comes to protecting personal data, the general public is left with the impression that every detail of their information on the internet is vulnerable to malicious intrusion. But this is only the "tip of the iceberg". By the time your customer fills in a delivery form in your store, dictates their name and contact number to you, or sends an enquiry on your website, you are already in a GDPR situation in which you hold one type of personal data or another.
The GDPR also imposes obligations on you to tell customers what information is collected and for what purpose, to keep it up to date, to protect it and to provide it to the individual or third parties and to delete it where necessary. And if things sound complicated by this point, let's mention that a person can request the deletion of all the information your company has on them, but at the same time you are required by another piece of legislation to keep it for a certain period of time (for accounting purposes, for example). This seemingly confusing contradiction has its clear legal frameworks and mechanisms, which you can always ask our specialists to clarify.
Under the General Data Protection Regulation, information is stored and protected by appropriate technical and organisational measures ensuring a level of security proportionate to the risk. The role of 'data controller' may be assigned to an employee, the company manager/owner themselves or a specially appointed person, but any employee with access to sensitive information should have received training in data protection practices.
As already mentioned, the disparate mechanisms for collecting and protecting personal data require the coordinated integration of several types of measures. These are broadly technical and organisational.
The former include encryption, access control, updates and software protection of personal data, anonymisation of information and regular security testing.
Organisational measures in any company include adequately developed Terms and Conditions, a comprehensive policy for physical and digital protection of personal data, initial and follow-up employee training, minimisation of data collection, storage and handling rules, and an incident/breach response plan.
Whether you have yet to set up a company or the time has come to get up to speed with GDPR regulations, KGK's Data Protection team is ready to advise and assist you in all aspects of data protection procedures.
Responsible protection of personal data makes the online space a much safer place for both customers and merchants. The combined efforts of the entire legislative apparatus are focused on strict regulation and control of activities that come into contact with sensitive personal information.
Make sure your company operates flawlessly, inspires confidence in its customers and partners, and complies with current regulatory requirements! KGK will assist in addressing the legal challenges your business may face in the data privacy process, including: