GDPR Data Protection

Protect your data. Entities subject to the new regulation that violate it, fail to implement it or are unprepared for it may face heavy fines which, in many cases, can lead to liquidation.


GDPR


Following the example of competition law, the GDPR introduces fines several times higher than we have been used to. They are capped at €20,000,000 or 4% of the company's total annual turnover (whichever is higher) and depend on a number of factors, such as the nature, severity and duration of the breach, the number of citizens affected and the extent of the damage, the steps taken by the controller or processor to mitigate the damage, the category of personal data affected by the breach, and others. It is important to highlight that the maximum fine can be imposed on a small company with five employees just as on a large multinational corporation if it fails to take the necessary steps to comply with the principles and obligations under the GDPR.

What is personal data?

Personal data include name, gender, age and date of birth and marital status, but also an IP address and photographs. In the case of a sole trader, they also include business information such as an e-mail address, telephone number or the various identification numbers issued by the state.

Special categories of personal data include: information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation, and criminal offences or convictions.

Under the Regulation, genetic data, biometric data and the personal data of children are also treated as sensitive data and are subject to much stricter rules.

What obligations does the GDPR impose on organizations?

  • The GDPR obliges data controllers and processors (regardless of their size or number of employees) to put in place technical, organizational and procedural measures that demonstrate compliance with its principles.
  • Implementation of data protection by design and by default
  • Preparation of a data protection impact assessment (DPIA)
  • Appointment of a Data Protection Officer (DPO)
  • Introduction of pseudonymisation of personal data
  • Keeping records of processing activities
  • Prior consultation with the supervisory authority before the processing of personal data begins

Marcela

GDPR Specialist
