The new European General Data Protection Regulation (EU 2016/679), also known as GDPR, aims to protect individuals with regards to the processing of their personal data and the free movement of such data.
The Regulation is a stronger and modernized version of the 1995 Data Protection Directive (95/46/EC), and differs to the extent that it has now direct horizontal effect in the Member States, it sets stricter requirements and provides for high fines for infringers.
Which entities does it affect?
The Regulation applies to any corporation and organization that processes (eg collects, registers, stores, uses, transmits, deletes etc.) personal data of individuals in the Union. It applies to all public and private entities, from the smallest companies to the largest Groups, with establishments even outside the Union, irrespective of the sector or activity.
When does it come into effect?
The Regulation is in force in all Member States since May 2016. It has just been granted a 2-year transition period until 25 May 2018, when it will be fully applicable, including the high fines.
What are the fines?
Infringements of the Regulation may incur fines of up to € 20,000,000 or, in the case of businesses, up to 4% of the total annual turnover of the previous fiscal year, whichever is higher.
Contact us to find out
- - to what extent the Regulation does concern your business,
- - what are the personal data and how they should be protected,
- - what does processing mean and how it is legally conducted,
- - what the Regulation provides for the consent of the subject,
- - what measures to take to protect your business against fines,
- - if you need to appoint a Data Protection Officer in your business,
- - if you are required to keep records for processing activities,
- - and anything else which concerns your business with regards to the Regulation.
The key of success
Our team, consisting mainly of fully qualified lawyers and IT consultants, is available to provide you, with integrated solutions, like:
- - information, training and advisory services,
- - personal data mapping and gap analysis,
- - GDPR compliance program with proposals for the implementation of the Regulation using appropriate organizational and technical measures, including procedures and policies for security and protection of personal data,
- - internal control of the proper application of personal data protection measures.
Do not miss further any valuable time and get informed about your obligations by contacting our GDPR Compliance Team, managed by Maria Sarantopoulou, Legal Advisor and DPO Executive Certified by TUV Austria Hellas via her email: maria.sarantopoulou (AT) eurofast.eu