General Data Protection Regulation
The GDPR, or General Data Protection Regulation, entered into force on 25 May 2018 and has been applied ever since.
Every company is obliged to implement Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, i.e. the General Data Protection Regulation, in its business activities, because all economic subjects in Europe, and wider, that handle the personal data of any natural person have an obligation to implement the Regulation.
If an economic subject does not implement the provisions of the Regulation in its business activities, the monitoring body, which as of now is still the Agency for Personal Data Protection (Agencija za zaštitu osobnih podataka – AZOP), will be authorized, when conducting a monitoring inspection, to impose administrative penalties on the economic subject up to a maximum of 4% of its annual global turnover.
Therefore, it is necessary for every economic subject in Europe, and wider, to implement the Regulation, which is normally implemented in three key phases:
1. PRE-IMPLEMENTATION PHASE – a phase during which information on personal data processing procedures is gathered from the economic subject as the future data processing manager and, based on the gathered data, the ANALYSIS OF THE CURRENT (FOUND) STATE is conducted. Based on the analysis data, the FINAL REGISTRY OF THE CURRENT (FOUND) STATE is drawn up in tabular form, in which all analysed data are sorted into categories according to their compliance. The final part of this phase is the preparation of the INITIAL EVALUATION OF IMPACT ON PERSONAL DATA PROTECTION.
The pre-implementation phase is also used to agree on and establish how the documentation will be drawn up and how the implementation procedures will be carried out, based on the results obtained above. All disputable issues are addressed and the implementation plan is drawn up. Training is initiated for the company's personnel who will take part in the implementation procedure and who will continue to process personal data in the company's business activities, and the legal basis for the implementation of the Regulation is prepared.
2. IMPLEMENTATION PHASE – the main phase of implementation, which is executed in two directions:
1. ALL MANDATORY MATERIAL DOCUMENTATION IS DRAWN UP AS PRESCRIBED BY THE REGULATION (RULEBOOKS, DECISIONS, STATEMENTS, CONSENT, REGISTRY, CAJOLEMENT, TABULAR REPRESENTATIONS, FORMS, CODEXES, FORMS FOR RISK EVALUATION, CONTRACTS AND CONTRACT ANNEXES ON DATA PROCESSING, WORK CONTRACT ANNEXES, ELABORATION OF CONFIDENTIALITY CONTRACT, FORM ON EXECUTOR'S RELIABILITY REVIEW, ORDERS AND INSTRUCTIONS ON DATA PROCESSING BY THE EXECUTOR/SUB-EXECUTOR, PRODUCTION OF MANDATORY PROCEDURES AND EVERYTHING ELSE THAT IS OBLIGATORY ACCORDING TO THE REGULATION)
2. A REVISION AND ADJUSTMENT OF THE EXISTING MATERIAL DOCUMENTATION AND FILES TO THE REGULATION IS CONDUCTED
3. POST-IMPLEMENTATION PHASE – after the implementation procedure is finished, the service that we offer also includes all legal assistance during the 6 months following application of the Regulation, in the form of consultation and adjustment of the existing structure to potentially new and altered solutions, due to the fact that the Regulation itself to this day does not determine all procedures and guidelines on the adjustment process.
Part of our team is also an IT company which monitors the implementation of the GDPR from the software aspect, in cases where the economic subject uses computer programs for personal data processing in its business activities, or has its own website, web shop or any other applications that have to be harmonized with the GDPR.
Currently there are three offers:
1. The first offer is the implementation of the Regulation into the client’s business activities and training of Data Protection Officers (DPOs).
2. The second offer is also the implementation of the Regulation into the client’s business activities and the possibility of DPO outsourcing.
3. The third offer is legal education for the implementation of the Regulation into the client’s business activities.
In order for us to create a customised offer for you that is in line with the amount of data that needs to be processed and with your business needs, please leave us a query.
Some of our GDPR references: Studio 33, Incor, Li-reco, Personal International, Angan