This year, a new set of rules was adopted by the EU. The Regulation (EU) 2016/679 (the General Data Protection Regulation, or “GDPR”) will replace the abovementioned Directive. The regulation now takes in account all specifics of the new digitalized world, which will carry data protection law forward. This, however, means changes to compliance obligations and more strict rules for Website, Mobile App and Software owners.
Who do the new rules apply to?
The new Regulation, imposing Privacy (Policy) obligations, will apply to and impact almost every organization or company based in the EU. Apart from that, companies that either offer goods or services to EU residents or monitor the behaviour of EU residents, thus doing business within the EU will be subject to the rules of the GDPR.
What are the penalties?
Under the new Regulation, failure to comply with its rules can lead to ground-breaking legal fines. The greater of €20 million, or 4% of the company’s worldwide turnover can be imposed on those who do not have comprehensive rules and do not abide to them. Those legal fines will now be fully able to destroy a large business, let alone small or medium sized enterprises (SMEs).
Increased amount of obligations?
Indeed. Business owners will have the bar for compliance raised considerably. New requirements will need to be fulfilled in Privacy Policies; stricter limits on the collection and use of personal data will be imposed; individuals will have greater right of action in order to enforce their rights against Website, Mobile App and Software owners.
Satisfying these new requirements will be a serious test for many of the latter.
You need to prepare!
Early planning is essential.
Enforcement of the new rules start in 2018. And although that seems like ages from now, it should be noted that all business owners need to bring their operations into compliance with the Regulation BEFORE 2018. As the GDRP radically changes most of the aspects concerning the collection and processing of personal data, the scale of this task and especially the seemingly excessive amount of legal fines (which is actually not!) should not be underestimated.
Lege Nova’s team has now attended a number of seminars, trainings and conferences in order to expand the knowledge around the upcoming GDPR developments to the fullest extent possible.
Our practice is ideally positioned to guide Website, Mobile App and Software owners through the process of understanding and complying with the Regulation rules relating to online business. Combined with our lasting, deep experience in the sector of Data Protection, Lege Nova is now fully prepared to advise companies on their new data protection compliance obligations under the new General Data Protection Regulation.