
GDPR - the countdown begins

08 February 2018

As of 25 May 2018 the General Data Protection Regulation (“GDPR”) becomes effective and will replace the National Data Protection Acts of all EU member states.


The GDPR brings significant challenges for companies of all sizes. It foresees tighter requirements for the processing of personal data and any infringement of the statutory requirements can be subject to administrative fines up to EUR 20 million or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. 

To avoid such sanctions, the following measures are – among others – urgently needed:

  • To comply with its obligation of accountability, the Controller must document the processing of data in the form of a record of processing.
  • The requirements for contracts for data processing are changing with the GDPR. This means that these contracts need to be revised. The same is also true of employment agreements.
  • The Controller is obliged to carry out an assessment of the possible impact of the envisaged processing operations (“data protection impact assessment”) if the processing is likely to result in a higher risk to the rights and freedoms of the natural person. Does this apply to you? This may especially be the case where new processing technologies are used to conduct an extensive evaluation of personal aspects of the natural person based on automated processing and profiling, or where special categories of data, such as health data, are processed on a large scale.
  • Every company is under a legal obligation not just to comply with the requirements of the GDPR but also to be able to prove this.
  • The transfer of data to a recipient which is not based within the EU may be possible, e.g. for group-internal transfers or for the use of cloud solutions; however, this is subject to further legal preconditions.

The above are just some of the issues that you must bear in mind when asking yourself the question: is your company compliant with the GDPR? Further information is available in the enclosed legal update.
