Eternity Law International News GDPR

GDPR

Published:
June 21, 2018

EU market is developed every day, as a result it increases a cross-border personal data flows including the usage of the Internet. The above mentioned causes the large problems with the protection of personal data. Thus, the main aim of GDPR is to protect personal data and personal data subjects. General Data Protection Regulation come into force from May 25, 2018.

GDPR is designed to promote the development of a space of freedom, security, justice and economic union; economic and social progress; strengthening the rule of law and convergence of economies within the domestic market, as well as the general well-being of individuals in EU member states.

GDPR are necessary to all EU Members States.  For non-resident companies of the EU, including CIS countries, the requirements apply in the following cases:

  1. Companies that supply their goods or services to individuals in the EU. For example, online stores, tour operators, transport companies that are in Ukraine and process the data of EU residents.
  2. Companies that carry out marketing research covering consumers from the EU.
  3. Companies that, in the course of their activities, gain access to the personal data of the subjects in the EU. It can be any Ukrainian companies that, for example, have access to the data of employees from the EU.

The main important innovations of the GDPR, which will affect cif countries, are:

  1. The necessity to introduce a new position in the company – Data Protection Office

There is a mandatory appointment of the person who is responsible for protecting the employee’s personal data by all companies dealing with a significant amount of personal data or with the “special” categories of such data. He can perform his duties both under an employment contract and on a civil law

The Officer must have an appropriate level of knowledge in the field of personal data protection. A group of companies may have one responsible if it ensures unrestricted access to the activities of each member of the group. In addition, he can work in the company either at the main place of work or in part-time.

  1. Necessity of the representative (representation) in the EU

If your company falls under the GDPR and is not located in the EU, the presence of an official representative of the company in the EU is necessary. The representative must be appointed as a contact person on all issues of protection of personal data of EU citizens for authorized authorities. It can be both physical and legal entity.

Among the mandatory requirements for a representative is to be established (for the legal entities) or to be (for individuals) in one of the countries whose citizens are persons whose personal data are processed or the behavior of which is being investigated.

The exception of this rule is: if data processing  is not permanent; if the personal data processed does not belong to the “special” categories (as already mentioned above, including, in particular, genetic, biometric data), relating to  criminal proceedings or accusations;

If the character of the data indicates that it is impossible to seriously violate the rights of the person in case of their leakage (it is not difficult to  assume that market participants who do not intend to fulfill this requirement of the GDPR for one reason or another will try to use such an estimation formulation to avoid it).

  1. Proof of compliance with GDPR requirements

GDPR establishes the duty to prove the company’s compliance with the new requirements. In order to prove compliance, the controllers must store all information relating to the activity with personal data (about the controller, data transfer operations, etc.).

  1. Increasing the level of personal data security

GDPR does not set clear criteria for assessing the level of compliance with security requirements. Instead, it operates with rating categories, which implies that controllers and processors should provide the highest possible level of information security for them, including the implementation of appropriate technical and organizational measures to ensure a high level of information security.

Security measures can be very different. It depends on what data are processed, on their quantity, on the possibility of leakage, etc. As an example of the steps that can be taken, the GDPR provides pseudonymization and encryption.

  1. Limitation of the use of cloud storage for the placement of personal data

In according to GDPR, the placement of personal data in cloud storage is considered to be transferable to third parties. It is necessary to beware of the storage with a low level of protection, as well as limit the placement of personal data on them. In this case, if data transfer via cloud storage occurs outside the EU without adequate security, such actions are in violation of EU law.

  1. The introduction of control over the transfer of personal data outside the European Economic Area

According to the general rule, personal data can be transferred to a third country only if there is a positive conclusion from the European Commission regarding the country’s compliance with high standards of personal data protection. The most acceptable for Ukraine will be the use of standard terms of the contract, which are approved by the European Commission.

  1. Overall increase of privacy

The regulation provides for the need for increased privacy. In addition to the standard of highest level of privacy by default (for example, in social networks), it may be necessary to collect the consent of the subject to handle each individual item of information that he enters.

The basic rights of subjects of personal data (for example, the right to access data about themselves or the right to demand the termination of the processing of personal data) were provided for by the Directive. The regulation introduced, for example, such rights as the right to data portability.

The subject of personal data can ask to transfer his personal data from one organization to another, for example, when changing the medical institution in which he is served.

The regulation also introduces a new right – the right to be forgotten, which allows the subject to require the deletion of data about himself from all company databases. It is important to note that such a right is not absolute and applies only in directly established cases. For example, if processing is carried out at the request of the law, the subject cannot exercise his right to oblivion.

Especially, the person must know the purpose of processing personal data already at the stage of its collection. If data collection is the result of a person’s will, the controller must demonstrate that she is presenting his personal data here and there.

Although there are currently similar rules in Ukraine, lawyers from the EU indicate that the current level of awareness of users is not enough, and social networks, together with the adoption of the GDPR, will change to unknowing.

In this regard, there are interesting provisions of the Regulation, which states that EU Member States should ensure the privacy of the workplace. In particular, if the employer monitors workers by installing cameras, the worker must know and consent to the processing of personal data. Such a rule will also apply in Ukraine if the employee is a citizen of the EU.

For personal consultation, please contact to our specialist. If you have any questions or need advice on protection of personal data or GDPR, call us on the numbers on the website or fill out and send us a form at the bottom of the page.

You could be interested

Estonian cryptocurrency exchange license

Estonia is a leader in the tech field, with a forward-thinking approach to innovations and regulation. This is particularly evident in the digital assets field, where Estonia has created a legal foundation that provides clarity and stability for legal entities operating in the sector. Getting Estonia license crypto is straightforward and the benefits are numerous....

Forex Brokerage License in Seychelles

If you plan to operate in financial markets and offer FX brokerage services to clients from regulated jurisdictions, you must apply for a Forex broker license, and Seychelles, definitely, suits well to get it. This license is required for all brokerage firms, mutual and hedge funds. Reasons for choosing an offshore jurisdiction Authorities in both...

Cyprus investment funds

By the openness of the ordinances and monetary approaches, Cyprus proposes a bunch of various investment prospects that enable shareholders to profit significantly due to earnings, hazard reduction, taxes prospects, and increased company safety. This article will inform you with additional info about the Cyprus Equity Fund. Alternative investment funds in Cyprus It is a...

Company for cryptocurrency in UK

The UK is on the list of the most favorable jurisdictions for doing business on mining and exchange of cryptocurrencies. In addition, such start-ups in the initial stages even receive support from the state. So far, in the UK, activities related to digital money are still not regulated at the legislative level. The Office for...

Maltese payment license

Malta has an excellent infrastructure and conditions for payment organizations, which is why it is often chosen by foreign entrepreneurs. E-money and Payment Institution licenses in Malta require the correct submission of documents and compliance with all demands put forward by the local regulator. In order to avoid mistakes at one or another stage of...

Ready-made company in Italy

Italy, a nation celebrated for its rich cultural heritage, storied history, and sumptuous cuisine, offers more than just its iconic attractions. Nestled within its picturesque landscapes and bustling cities lies a world of economic opportunities waiting to be explored. For those with entrepreneurial ambitions, Italy presents a promising destination. However, navigating the intricate maze of...

Discover our services

The international company Eternity Law International provides professional services in the field of international consulting, auditing services, legal and tax services.

Ready-made companies for sale

Companies with a bank account around the world

Banks for sale

Established Banks for sale

Ready-made licenses for sale

Forex, cryptocurrencies, gambling, EMI, PSP, SVF, MSO, DLT

Licensing

Forex licenses, cryptocurrencies, gambling, EMI, PSP, SVF, MSO, DLT

Offshore company registration

Expert advice on the acquisition of an offshore company

Open a bank account

Open bank accounts in more than 120 banks around the world
Fill the blank:

Zurich

Dreikonigstrasse, 31A, Stockerhof
+41 435 50 73 23

Kyiv

Baseina street, 7
+38 094 712 03 54

London

Grosvenor Gardens, 52
+44 203 868 34 37

Washington

1629 K St. Suite 300 N.W.
+1 (888) 647 05 40 Toll Free

Vilnius

Gediminas Avenue, 44A
+370 52 11 14 32

Tallinn

Kesklinna linnaosa, Tuukri 19
+372 880 41 85

Edinburgh

Lochrin Square, 1
+44 203 868 34 37

Nicosia

Jacovides Tower, 5 floor
+371 665 550 51

Riga

Esplanade, 7 floor
+371 665 550 51

Hong Kong

18 Harbour Road, 35/F, Central Plaza, Wanchai
800938622 Toll Free

Singapore

Level 42, Suntec Tower Three, 8 Temasek Boulevard
+6531594300

Sydney

20 Martin Place
+61 2 888 00 365

Porto

2609 Avenida da Boavista
+351 800 500 206 Toll Free

Tbilisi

Revaz Tabukashvili Str., N 45, area N 7
+995706070360