Frequently Asked Questions

Get on board now to avoid the huge fines provided for by the new General Data Protection Regulation (GDPR)!

The General Data Protection Regulation (2016/679) is the European Union's new data protection law, which will enter into force on 25 May 2018! From that date, the previous regulatory framework for the protection of personal data is abolished and many aspects are amended. The Regulation is of general application, binding in its entirety and directly applicable in all the Member States of the European Union!

All public and private sector bodies and organizations that process personal data as part of their activity must comply with the GDPR. Any company, association or government department that collects, records, stores, discloses, correlates, deletes or destroys information relating to an identified or identifiable natural person is obliged to apply the new Regulation.

The sanctions provided for by the new Regulation are extremely high: fines of up to EUR 20,000,000 or up to 4% of the total annual turnover of the previous financial year (whichever is higher). Consequently, non-compliance with the new arrangements carries the risk of a fine being imposed by the supervisory authority, which could spell economic disaster for the organization or company.

The GDPR imposes a series of new obligations on controllers, stemming from its basic principles: in particular the enhanced principle of transparency in the way data are collected, processed and kept, and the new principle of accountability, under which the controller is responsible for, and must be able to demonstrate, compliance with all the principles governing the processing of personal data. New rights are also introduced for data subjects, such as the right to privacy and the right to data portability.

  1. Appropriate briefing of the organization's staff on the forthcoming changes, with emphasis on the consequences of a possible violation of the Regulation
  2. Development of strategic planning for dealing with potential risks to the processed personal data through technical and organizational measures
  3. Keeping a record of processing activities
  4. Ensuring valid consent from data subjects for lawful processing
  5. Assessment of the impact on the individual rights and freedoms of natural persons
  6. Revising and updating data security policies, providing new appropriate procedures to meet the new rights: the right to data portability, the right to erasure (or to be forgotten), etc.
  7. Designation of a Data Protection Officer
  8. Providing procedures for identifying and investigating personal data breaches and for promptly notifying the supervisory authority of the breach
  9. Can the organization or firm prove that it has complied with the new Regulation by taking all necessary organizational and technical measures on a case-by-case basis?
  10. If cross-border processing of personal data is carried out, a lawful transfer mechanism must be selected.