There has also been a change in the type of request to save cookies (cookies) – temporary files and the possibility of using personal data.
This is due to the entry into force of the updated GDPR Regulation (GeneralDataProtectionRegulation) of the European Union No. 2016/679, which applies to all Internet pages from 05.25.2018.
The GDPR document sets forth the basic requirements and rules regarding the use of personal data (PD), as well as to all participants in the Regulation.
A very topical issue of the GDPR regarding organizations outside the EU is the requirement for the export (movement) of PD outside the territory of the Union of European States.
The main need to comply with the requirements of the GDPR Regulation is the case when the company acts:
There are a number of sanctions for non-compliance, so all companies that somehow work with users from the EU are required to adhere to the GDPR.
The movement of PD from the EU countries occurs between the following data import and export entities:
The fundamental principle of Ch. 5 of the GDPR Regulation on the permitted export of PD outside the EU states that regardless of where the PD is processed, the Regulation guarantees the established level of protection of the rights of individuals.
This regulation fully applies to the countries of the European Economic Area (CES), which in addition to the EU countries include Liechtenstein, Iceland, and Norway.
The export of personal information between the EU and the CES is positioned as the movement of PD across the EU.
Countries that are not in the EU, but are data importers, must be prepared for such requests to be consistent with GDPR rules, without which doing business in the EU will become illegitimate.
Regardless of the location of the data importing country, all GDPR points apply to it regarding the organization of the necessary PD protection measures, as well as the appointment in some situations of a representative in the European Union, and a database protection inspector (DataProtectionOfficer, DPO).
Only after signing a bilateral agreement will it be possible to process PD on the guarantee of an EU controller.
Eternity Law International specialists will assist you in providing legal assistance in establishing compliance of your business structure with GDPR Regulation. Any difficulties can be overcome.
We will tell you which jurisdiction in the EU or outside it to choose to register and conduct your business. We will help you write Privacypolicy and other clauses in accordance with GDPR.
The international company Eternity Law International provides professional services in the field of international consulting, auditing services, legal and tax services.