"The EU General Data Protection Regulation: GDPR" - workshop held by Beatrice Masserini (Studio Cassinis, Italy) at the TRA Annual Meeting 2018 in Athens
Amid mounting criticism of Ireland’s privacy watchdog, top European Commission official Didier Reynders has come to Dublin’s defense, brushing off calls to penalize the country over claims it has failed to uphold Europeans’ privacy rights.
The defense, in a letter to MEPs, comes after lawmakers including Sophie in ‘t Veld and Tineke Strik from the Netherlands and Cornelia Ernst and Birgit Sippel from Germany urged the EU executive to open a disciplinary procedure against Dublin.
Data theft rules and regulations things you should know (pt.1)Faidepro
The IT Act appears to be adequate in regards to data theft, it is insufficient in addressing the minute technical intricacies involved in such a crime, leaving gaps in the law and allowing the perpetrators to get away with it. Since this problem affects more than one country and has international implications, we have briefed the countries that have such law and how it works; Which will be covered in two parts.
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
"The EU General Data Protection Regulation: GDPR" - workshop held by Beatrice Masserini (Studio Cassinis, Italy) at the TRA Annual Meeting 2018 in Athens
Amid mounting criticism of Ireland’s privacy watchdog, top European Commission official Didier Reynders has come to Dublin’s defense, brushing off calls to penalize the country over claims it has failed to uphold Europeans’ privacy rights.
The defense, in a letter to MEPs, comes after lawmakers including Sophie in ‘t Veld and Tineke Strik from the Netherlands and Cornelia Ernst and Birgit Sippel from Germany urged the EU executive to open a disciplinary procedure against Dublin.
Data theft rules and regulations things you should know (pt.1)Faidepro
The IT Act appears to be adequate in regards to data theft, it is insufficient in addressing the minute technical intricacies involved in such a crime, leaving gaps in the law and allowing the perpetrators to get away with it. Since this problem affects more than one country and has international implications, we have briefed the countries that have such law and how it works; Which will be covered in two parts.
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
Read about the data privacy protection & advisory in India - evolving rights and obligations related to data privacy & the implementation of data protection reforms.
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
European Data Protection and Social NetworkingDavid Erdos
These slides explore significant issues arising under data protection for both users and platforms as a result of the publication of third party personal data on such sites. Although the GDPR’s new wording of the household exemption could potentially exclude non-intrusive processing (e.g. sharing innocuous pictures taken in public), the Court of Justice of the EU (CJEU) is increasingly insistent that users acquire responsibilities when the publish such data to an indeterminate number. In principle, most EU Data Protection Authorities (DPAs) accept this although others including the UK and Irish have been very resistant. Many users could therefore have weighty data protection obligations here, although if contributing to a collective public debate they may be covered by the journalistic/special expression derogation and in any case there is a need for a balance with freedom of expression. CJEU ʻjoint controllerʼ case law also points to social networking sites have their own duties here, a proposition which has been backed by Working Party, the UK DPA and the UK courts. Whilst the e-Commerce ʻhostʼ shield should significantly limit ex ante responsibility here, this must be tempered by the ʻduty of careʼ which is inherent in being a ʻcontrollerʼ under data protection. In sum, data protection in principle remains central to the regulation of ʻonline harmsʼ here although ensuring effective and well-balanced regulation in practice remains a formidable challenge.
See further:
“Intermediary Publishers and European data protection: Delimiting the ambit of responsibility for third-party rights through a synthetic interpretation of the EU acquis”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018) - https://academic.oup.com/ijlit/article/26/3/189/5033541
“Beyond ʻHaving a Domesticʼ? Regulatory Interpretation of European Data Protection Law and Individual Publication”, Computer Law and Security Review (Vol. 33 (3), pp. 275-297) (2017) - Pre-print https://www.repository.cam.ac.uk/handle/1810/263883
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
GIG Working Paper 02/2017 - The Definition of Personal DataIAB Europe
This second output of the GIG focuses on the definition of Personal Data under the GDPR, explaining how it will affect companies in the online advertising space.
GDPR could cost you 4% of global revenues because of data you did not know you had. Here's how to solve the GDPR tangle without investing in the latest shiny object.
General Data Protection Regulation for OpsKamil Rextin
A brief on GDPR & Hubspot for Marketing & Marketing Ops.
This PPT provides a brief background on GDPR & how to implement GDPR compliance with Hubspot , Facebook & Google Analytics
This week, Europe's data protection rules will undergo their largest reform in several decades. The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive, effective as of May 25, 2018.
Privacy is not a choice and it should not be the price played for our access to internet. We live in an era where everything is digitalized and anybody and everybody, from a child to a 70 year old accesses the same on a regular basis. Great advances in the technological field constitute a greater danger to the privacy of every individual. The constant question that arises is whether the data principal consents to the information provided and disseminated Mercerization of personal information has opened pits of security breaches and data privacy problems. When one consents to provide his data, does he consent to the dissemination of the same The very idea that consumers must make a trade off between privacy and security has been wiped away by the very enactment of the General Data Protection Regulation. This paper stands as proof that, GDPR is the answer to all the data privacy questions and problems faced by the society. The author briefs through the history of enactment EU GDPR and its necessity. The paper brings out both the endless advantages of GDPR as well as the few disadvantages present. The extensive research on GDPR has prompted the author to attract attention to the key changes seen after the implementation of GDPR and the robust data privacy regime built by its awakening. The main cerebration of the authors by referring to the above submissions is that GDPR is a need of the hour and is for the betterment of the society as a whole. Pranaya Dayalu | M. Punnagai ""GDPR: A Privacy Regime"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23460.pdf
Paper URL: https://www.ijtsrd.com/humanities-and-the-arts/other/23460/gdpr-a-privacy-regime/pranaya-dayalu
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
Read about the data privacy protection & advisory in India - evolving rights and obligations related to data privacy & the implementation of data protection reforms.
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
European Data Protection and Social NetworkingDavid Erdos
These slides explore significant issues arising under data protection for both users and platforms as a result of the publication of third party personal data on such sites. Although the GDPR’s new wording of the household exemption could potentially exclude non-intrusive processing (e.g. sharing innocuous pictures taken in public), the Court of Justice of the EU (CJEU) is increasingly insistent that users acquire responsibilities when the publish such data to an indeterminate number. In principle, most EU Data Protection Authorities (DPAs) accept this although others including the UK and Irish have been very resistant. Many users could therefore have weighty data protection obligations here, although if contributing to a collective public debate they may be covered by the journalistic/special expression derogation and in any case there is a need for a balance with freedom of expression. CJEU ʻjoint controllerʼ case law also points to social networking sites have their own duties here, a proposition which has been backed by Working Party, the UK DPA and the UK courts. Whilst the e-Commerce ʻhostʼ shield should significantly limit ex ante responsibility here, this must be tempered by the ʻduty of careʼ which is inherent in being a ʻcontrollerʼ under data protection. In sum, data protection in principle remains central to the regulation of ʻonline harmsʼ here although ensuring effective and well-balanced regulation in practice remains a formidable challenge.
See further:
“Intermediary Publishers and European data protection: Delimiting the ambit of responsibility for third-party rights through a synthetic interpretation of the EU acquis”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018) - https://academic.oup.com/ijlit/article/26/3/189/5033541
“Beyond ʻHaving a Domesticʼ? Regulatory Interpretation of European Data Protection Law and Individual Publication”, Computer Law and Security Review (Vol. 33 (3), pp. 275-297) (2017) - Pre-print https://www.repository.cam.ac.uk/handle/1810/263883
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
GIG Working Paper 02/2017 - The Definition of Personal DataIAB Europe
This second output of the GIG focuses on the definition of Personal Data under the GDPR, explaining how it will affect companies in the online advertising space.
GDPR could cost you 4% of global revenues because of data you did not know you had. Here's how to solve the GDPR tangle without investing in the latest shiny object.
General Data Protection Regulation for OpsKamil Rextin
A brief on GDPR & Hubspot for Marketing & Marketing Ops.
This PPT provides a brief background on GDPR & how to implement GDPR compliance with Hubspot , Facebook & Google Analytics
This week, Europe's data protection rules will undergo their largest reform in several decades. The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive, effective as of May 25, 2018.
Privacy is not a choice and it should not be the price played for our access to internet. We live in an era where everything is digitalized and anybody and everybody, from a child to a 70 year old accesses the same on a regular basis. Great advances in the technological field constitute a greater danger to the privacy of every individual. The constant question that arises is whether the data principal consents to the information provided and disseminated Mercerization of personal information has opened pits of security breaches and data privacy problems. When one consents to provide his data, does he consent to the dissemination of the same The very idea that consumers must make a trade off between privacy and security has been wiped away by the very enactment of the General Data Protection Regulation. This paper stands as proof that, GDPR is the answer to all the data privacy questions and problems faced by the society. The author briefs through the history of enactment EU GDPR and its necessity. The paper brings out both the endless advantages of GDPR as well as the few disadvantages present. The extensive research on GDPR has prompted the author to attract attention to the key changes seen after the implementation of GDPR and the robust data privacy regime built by its awakening. The main cerebration of the authors by referring to the above submissions is that GDPR is a need of the hour and is for the betterment of the society as a whole. Pranaya Dayalu | M. Punnagai ""GDPR: A Privacy Regime"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23460.pdf
Paper URL: https://www.ijtsrd.com/humanities-and-the-arts/other/23460/gdpr-a-privacy-regime/pranaya-dayalu
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
“The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way that organisations handle, protect and use the personal data of EU individuals.
Organisations of all sizes, across all industries, and geographies that process personal data of EU residents need to take steps now to comply with the new EU General Data Protection Regulation by 2018, to satisfy management fiduciary duties
and avoid potentially costly penalties.”
6 Lesson GDPR Booklet from Varonis to help stay get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
Cognizant business consulting the impacts of gdpraudrey miguel
In May 2018, GDPR (Global Data Protection Regulation) will come into force in Europe. Conventional wisdom is that GDPR will cause significant legal changes for many organizations and result in yet another regulatory-driven upheaval in technology. But is this an accurate assessment of the likely impact?
This study provides guidance on some of the most important aspects of the GDPR for companies outside the EU and describes some of its key implications with regards to organisational IT and governance. It also offers some key practical advice on steps that can ensure compliance with the GDPR.
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Operational impact of gdpr finance industries in the caribbeanEquiGov Institute
A brief outline of the challenges that could be face by financial institutions with the implementation of the GDPR and recommendations to mitigate them
With GDPR on the horizon, businesses are expressing concerns over the pressures to prepare ahead of the 25th May. However, the process of compliance needn’t be so overwhelming...
Data protection for Lend.io - legal analysis by Bird and BirdCoadec
New EU data protection rules are coming, with the General Data Protection Regulation likely to be agreed in the next few months. It will have a massive impact on digital businesses
To bring this rather dry subject to life, Coadec working together with techUK has commissioned a leading data protection law firm to look at what current drafts of the new law would mean for a fintech startup we invented, Lend.io.
In spite of the overheatedly debated topic of cryptocurrencies, where, it seems, the main focus was put on the sharply rising or falling prices of Bitcoin and the likes, the underlying technology – blockchain – continues to attract attention, now also across the transport & logistics domain. Luckily, one doesn’t need to be a nerdy tech geek to understand this, at first glance confusing, innovation. The purpose of blockchain is to allow digital information to be distributed – but not copied or freely modified. This way data integrity is preserved. In other words, all parties involved in the chain share the same view.
I am happy to present my most recent article for the Baltic Transport Journal. Please be invited for a quick legal overview of the EU-Japan Economic Partnership Agreement.
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
DNA Testing in Civil and Criminal Matters.pptxpatrons legal
Get insights into DNA testing and its application in civil and criminal matters. Find out how it contributes to fair and accurate legal proceedings. For more information: https://www.patronslegal.com/criminal-litigation.html
ALL EYES ON RAFAH BUT WHY Explain more.pdf46adnanshahzad
All eyes on Rafah: But why?. The Rafah border crossing, a crucial point between Egypt and the Gaza Strip, often finds itself at the center of global attention. As we explore the significance of Rafah, we’ll uncover why all eyes are on Rafah and the complexities surrounding this pivotal region.
INTRODUCTION
What makes Rafah so significant that it captures global attention? The phrase ‘All eyes are on Rafah’ resonates not just with those in the region but with people worldwide who recognize its strategic, humanitarian, and political importance. In this guide, we will delve into the factors that make Rafah a focal point for international interest, examining its historical context, humanitarian challenges, and political dimensions.
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxanvithaav
These slides helps the student of international law to understand what is the nature of international law? and how international law was originated and developed?.
The slides was well structured along with the highlighted points for better understanding .
WINDING UP of COMPANY, Modes of DissolutionKHURRAMWALI
Winding up, also known as liquidation, refers to the legal and financial process of dissolving a company. It involves ceasing operations, selling assets, settling debts, and ultimately removing the company from the official business registry.
Here's a breakdown of the key aspects of winding up:
Reasons for Winding Up:
Insolvency: This is the most common reason, where the company cannot pay its debts. Creditors may initiate a compulsory winding up to recover their dues.
Voluntary Closure: The owners may decide to close the company due to reasons like reaching business goals, facing losses, or merging with another company.
Deadlock: If shareholders or directors cannot agree on how to run the company, a court may order a winding up.
Types of Winding Up:
Voluntary Winding Up: This is initiated by the company's shareholders through a resolution passed by a majority vote. There are two main types:
Members' Voluntary Winding Up: The company is solvent (has enough assets to pay off its debts) and shareholders will receive any remaining assets after debts are settled.
Creditors' Voluntary Winding Up: The company is insolvent and creditors will be prioritized in receiving payment from the sale of assets.
Compulsory Winding Up: This is initiated by a court order, typically at the request of creditors, government agencies, or even by the company itself if it's insolvent.
Process of Winding Up:
Appointment of Liquidator: A qualified professional is appointed to oversee the winding-up process. They are responsible for selling assets, paying off debts, and distributing any remaining funds.
Cease Trading: The company stops its regular business operations.
Notification of Creditors: Creditors are informed about the winding up and invited to submit their claims.
Sale of Assets: The company's assets are sold to generate cash to pay off creditors.
Payment of Debts: Creditors are paid according to a set order of priority, with secured creditors receiving payment before unsecured creditors.
Distribution to Shareholders: If there are any remaining funds after all debts are settled, they are distributed to shareholders according to their ownership stake.
Dissolution: Once all claims are settled and distributions made, the company is officially dissolved and removed from the business register.
Impact of Winding Up:
Employees: Employees will likely lose their jobs during the winding-up process.
Creditors: Creditors may not recover their debts in full, especially if the company is insolvent.
Shareholders: Shareholders may not receive any payout if the company's debts exceed its assets.
Winding up is a complex legal and financial process that can have significant consequences for all parties involved. It's important to seek professional legal and financial advice when considering winding up a company.
RIGHTS OF VICTIM EDITED PRESENTATION(SAIF JAVED).pptxOmGod1
Victims of crime have a range of rights designed to ensure their protection, support, and participation in the justice system. These rights include the right to be treated with dignity and respect, the right to be informed about the progress of their case, and the right to be heard during legal proceedings. Victims are entitled to protection from intimidation and harm, access to support services such as counseling and medical care, and the right to restitution from the offender. Additionally, many jurisdictions provide victims with the right to participate in parole hearings and the right to privacy to protect their personal information from public disclosure. These rights aim to acknowledge the impact of crime on victims and to provide them with the necessary resources and involvement in the judicial process.
Introducing New Government Regulation on Toll Road.pdfAHRP Law Firm
For nearly two decades, Government Regulation Number 15 of 2005 on Toll Roads ("GR No. 15/2005") has served as the cornerstone of toll road legislation. However, with the emergence of various new developments and legal requirements, the Government has enacted Government Regulation Number 23 of 2024 on Toll Roads to replace GR No. 15/2005. This new regulation introduces several provisions impacting toll business entities and toll road users. Find out more out insights about this topic in our Legal Brief publication.
Introducing New Government Regulation on Toll Road.pdf
Are you compliant?
1. 34 | Baltic Transport Journal | 3-4/2018
F
irst and foremost, the GDPR pro-
vides a number of new rights to
European citizens. The most fun-
damental one is the legal basis for
data processing which is, in fact, the consent
of the person whose data is to be processed.
As provided in the art. 4(11), the consent
per se has to be given freely, unambiguously
by statement or clear affirmative action.
Permission from clients can be accepted in
several ways, e.g., in writing, electronically,
or verbally. Importantly, companies have to
ensure that it is as easy to withdraw the given
consent as it was to give it in the first place.
There’s a set of additional rights granted
under the GDPR, namely right to access data
(art. 15); right to rectify data (art. 16); right
to delete data (art. 17; known also as the
“right to be forgotten”); right to limit pro-
cessing (art. 18); right to transfer data (art.
20); and right to object (art. 21). Moreover,
the GDPR sets out seven key principles that
should lie at the heart of data processing:
lawfulness, fairness, and transparency; pur-
pose limitation; data minimisation; accu-
racy; storage limitation; integrity and con-
fidentiality (security); and accountability.
At the moment, every company operat-
ing in the shipping industry worldwide has
The GDPR’s impact on the maritime industry
Are you compliant?
by Mateusz Romowicz, Legal Counsellor,
and Gabrielė Vilemo Gotkovič, Legal Assistant,
The Mateusz Romowicz Legal Consultancy
The General Data Protection Regulation (GDPR) entered into force on 25 May. By introducing a new standard
of data protection, it was designed to harmonize data privacy laws across the European Union. However,
this legal instrument has an extraterritorial effect and as such also concerns foreign companies operating
within the EU or process data of its citizens. Beyond doubt, maritime companies will be affected by the GDPR
as they deal with large volumes of personal data, including on employees, business contacts, passengers,
vessel crews, contractors, etc. The Regulation also entails stricter rules and higher fines.
to comply with the GDPR’s provisions when
EU citizen’s privacy rights are in question.
This will have a major impact on those com-
panies both time- and money-wise.
Bureaucracy, costs, and…
The companies that wish to be compatible
with the new law will be subject to an enor-
mous amount of formal requirements and
paperwork. All relevant activities should
be implemented by means of appropriate
internal procedures and duly documented.
For this purpose, it is recommended to pre-
pare appropriate documentation indicating
the measures taken to properly implement
and apply the GDPR (such documentation
may include, i.a., appropriate security cer-
tificates and certifying the competence of
persons having the access to personal data,
guidelines for employees, reports and risk
analysis, and certification of the measures
used to secure ICT systems).
The art. 30(1) of the GDPR obliges each
data administrator to keep a register of
personal data processing activities. At first
glance, this obligation binds only those com-
panies which have more than 250 employ-
ees. However, it may still apply to smaller
companies when data processing may cause
a risk of violation, is not occasional, or
includes specific categories of information
(e.g. race, trade union affiliation).
When the main activity of the admin-
istrator or processor consists of processing
operations which by their nature, scope, or
objectives require regular and systematic
#Inside
#GDPR#New rights#Key principles
#Implementation#Obligations
#Data Protection Officer
#Costs#Fines#Legal liability
#EU regulation#National legislation
Photos:pixabay.com
2. 3-4/2018 | Baltic Transport Journal | 35
Legal
CYPRUS
GERMANY
POLAND
AUSTRIA
GREECE
ROMANIA
BULGARIA
HUNGARY
DENMARK
LITHUANIA
LATVIA
ESTONIA
FRANCE
ITALY
SLOVENIA
CROATIA
SLOWAKIA
CZECHIA
SPAIN
PORTUGAL
IRELAND
BELGIUM
LUXEMBURG
THE
NETHERLANDS
THE
UNITED
KINNGDOM
MALTA
SWEDEN
FINLAND
Passed law
Draft (incl. bill)
No draft
monitoring of data subjects on a large
scale, then appointing a Data Protection
Officer (DPO) is obligatory under the
GDPR. What’s more, the administrator is
required by the GDPR to carry out an analy-
sis whether it is obliged to appoint a DPO.
However, even if such an obligation does not
directly come from the GDPR, according to
the position of the GDPR Working Group
(the opinion-forming body that co-created
the Regulation’s contents), appointing an
inspector is strongly recommended. The
appointment of such a person gives addi-
tional security guarantees – it confirms that
the relevant body has acted with due dili-
gence as regards the protection of personal
data. The art. 37(5) provides that a DPO
should be designated on the basis of pro-
fessional qualities and, in particular, expert
knowledge of data protection law and prac-
tices, as well as the ability to fulfil the objec-
tives of the Regulation.
… even more expenses
As one can well imagine, these neces-
sary changes will be time-consuming and
will incur unavoidable costs. According to
the authors of the article It’ll Cost Billions
for Companies to Comply With Europe’s
New Data Law published in Bloomberg
Businessweek, the world’s 500 biggest cor-
porations are on track to spend a total of
$7.8b to comply with the GDPR.
The risk of non-compliance also entails
potentially very high costs. The regulators
will have the power to fine businesses which
breach GDPR requirements – up to 4% of
their worldwide turnover. In the event
of violation of the rights of individuals,
the administrator is exposed to civil and
administrative legal liability, too. In the
scope of the first type of liability, the GDPR
provides persons whose rights have been
violated with the possibility, i.a., to apply
to the court demanding that the adminis-
trator refrains from violating or ordering
specific behaviour, or for awarding dam-
ages. In addition, a data administrator is
also exposed to administrative sanctions,
taking the form of penalties. Specifically, it
can result in a fine of up to €10m, and in the
case of a company or group of companies
with a total worldwide turnover exceeding
€500m – up to 2% of total global turnover
from the previous year; or a fine of up to
€20m, and in the case of an enterprise or
group of companies with a total worldwide
turnover exceeding €500m euro – up to
4% of total global turnover from the pre-
vious year.
Who’s prepared?
Already in 1995, the EU legislated on the
protection of personal data. As such, the
GDPR is a legal instrument with roots in
the previous century (though, ever since the
Internet boom a lot of things have changed
regarding how personal data is targeted
by companies with more or less honest
intentions). Then again, barely a handful
of EU Member States was actually prepared
for the GDPR, implementing appropriate
national legislation in order to adjust their
legal systems to the Regulation.
However, it does not mean that other
countries have resigned from introduc-
ing national modifications (Fig. 1). The
majority of EU Member States have by
now drafted at least some kind legisla-
tion that’ll have to be passed in due time.
That said, it’s worth emphasizing that it
is not recommended for entrepreneurs to
refrain from adapting to the GDPR and
its policy until the adoption of the new
law on the protection of personal data in
their respective EU Member State. The
GDPR is a regulation – hierarchically the
most important legal act of the European
Union – which means that the provisions
of the GDPR are directly binding and
applicable, having an immediate effect.
In other words, as of 25 May this year, the
Regulation applies in full and entities that
perform the relevant activities, including
the collection and processing of personal
data, are forced to strictly comply with
these provisions. After all, non-compli-
ance can be very, very costly. ‚
The Mateusz Romowicz Legal Consultancy was established in 2006 in
Gdynia. It began with offering legal consultation to natural persons,
especially Polish seafarers, and maritime workers and companies, to
extend its activities over time to provide nowadays a broad range of legal
services for numerous Polish and foreign entities. Today, the consultancy’s
core expertise covers maritime law, seafarers’ taxes and compensation,
and legal support of seafarers, shipowners, and shipbuilders.
Source: GDPR Resource Center