GDPR and protection of personal data

With the adoption of Regulation No. 2016/679 (GDPR), companies were obliged to draw up personal data protection policies. The Regulation is concerned with the protection of natural persons in relation to the processing of personal data and with the free movement of such data. It is a legal act that has direct effect in the Member States and as such is binding on every country in the European Union.

Personal data comes in a variety of types: names, ID numbers, passport numbers, email addresses, IP addresses, permanent addresses, even photographs. All those who store personal data are obliged to do so in compliance with the Regulation. For example:

● all companies that offer services;
● hospitals and medical institutions;
● schools;
● tour operators and others.

If you own an online store, it’s a good idea to tailor your website accordingly, i.e. to prepare Terms and Conditions and a privacy policy. These should be prominently displayed on the website for quick and easy access by users.

All breaches of the regulation are monitored by the Commission for Personal Data Protection (CPDP). It may sanction you for unlawful processing of personal data and/or instruct you to correct irregularities.

The Regulation treats the processing of certain types of personal data as “sensitive”. These are health status, sexual orientation, political opinions, ethnic origin, biometric data and others. For these, the storage requirements and sanctions are increased.

GDPR drafting procedure
To bring your company in line with the requirements of the regulation, an audit of the infrastructure – technological and physical – should be carried out. A set of documents should be built that meets both the regulations and your office’s available capabilities. To this end, rules, policies and instructions for employees should be written down, as well as a plan of action in the event of a personal data leak.

At the same time, you must prepare the necessary records of personal data processing activities, declarations of consent to the provision of personal data, and a data protection impact assessment. Each data controller should also appoint a data protection officer – an official.

In case you need to prepare a policy on the collection and processing of personal data, general terms and conditions for a website, internal company rules under GDPR, and if you have other questions related to the processing of personal data, you can contact a good lawyer from Legal Frame, who can provide you with advice and prepare an action plan in relation to the protection of personal data.
