The evolution of technology and the way personal data is collected and processed affects everyone’s life every day. It is therefore not surprising that all companies process personal data. Every company collects at least personal data from its own staff, maintains a customer database, or engages in direct marketing. Companies must comply with the obligations arising from European regulations on the protection of personal data (“Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data”, “GDPR”).
A company that is not compliant with the GDPR risks a fine of up to 4% of its annual turnover and up to a maximum of 20 million EUR. In addition, a fine for a company also means a lot of media attention, which undoubtedly leads to damage to its reputation and image. The message for every company is therefore to be GDPR compliant.
Since May 25, 2018, the GDPR has been in effect. It applies to all companies that process personal data of individuals in the European Union, regardless of whether the company is established in the European Union. The GDPR includes obligations for companies regarding the collection, storage, and protection of personal data.
Personal data includes all information about a person that allows their identity to be discovered. This includes, among other things: a name, address, email address, IP address, preferences, CV, health data, etc.
The GDPR provides some important principles that a company must comply with when processing personal data. Adhering to the following basic principles is a fundamental cornerstone for good data protection practice:
The company as the data controller is responsible for compliance with these principles. As mentioned, non-compliance with the principles can result in significant fines.
Recently, BOFIDILegal can assist its clients with GDPR compliance aspects, such as:
Do you have any questions about this or would you like GDPR compliance tailored to your company? Do not hesitate to contact us via info@pkfbofidilegal.com.