The New Challenges of Personal Data Protection
Entry into force of the RGPD on May 25, 2018
In order to ensure the respect for the fundamental right to citizens’ data protection, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals, was adopted. It concerns the processing of personal data and the free movement of such data (better known as the General Data Protection Regulation or GDPR), which entered into force on 25 May 2018.
The GDPR imposes a set of requirements and obligations on all entities that carry out operations of processing of personal data, whatever their nature, with personal information being understood as all information relating to a person.
Pinto Ribeiro Advogados has been supporting its clients in the process of adapting to the new regulatory framework, helping them to promote the necessary transformations and changes within their organizations to comply with the provisions of the GDPR.
Much of this work involves training and preparation and preparation of internal procedures manuals to demonstrate compliance with the GDPR rules. But also for the analysis and amendment of the contracts celebrated by our clients with third parties or subcontractors, who are also involved in operations of processing of personal data.
Among the changes with the most significant impact, we highlight:
- Obligation to designate a Data Protection Officer, by the entity responsible for processing, to supervise and ensure the protection of personal data in companies whose activities require this type of monitoring;
- Reporting of security breaches, within 72 hours, to the National Data Protection Commission) and to the holder of the data in question, with reputational consequences for the offending organizations;
- Enhancement of the right to be forgotten, regarding deletion mechanisms of personal data;
- Administrative offense liability, with fines that may amount to up to 20 million euros for offending organizations.
Pinto Ribeiro Advogados has a team with extensive skills and practical experience in the field of personal data protection, who can help your organisation ensure compliance with the GDPR. If you have any questions please contact us by email (firstname.lastname@example.org)