General Data Protection Regulation (GDPR)
Aim of GDPR
To regulate the principles of collecting and processing of personal data and to ensure that personal data which natural person provides to legal entity is protected and safe.
Consequences of violation of GDPR
Legal entity can be fined up to 20 million euros or 4 percent of annual global turnover (whichever is greater).
* The maximum fine in Lithuania should not reach 100K.
GDPR regulates these questions >>
- Guidelines for processing of personal data of employees;
- Guidelines for processing of personal data of clients, suppliers, etc.;
- Data subject rights (right to receive information; right to be forgotten, right to free movement of his personal data, etc.) and scope of these rights;
- Appointment of Data protection officer and his competence (it is compulsory for some companies only).
What is "Personal data"?* GDPR article No. 4
Data whic can identify, directly or indirectly, in particular by reference to
an identifier >>
- Name, surname
- An identification number
- Location data
- An online identifier
- One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Obligations of Data Controller
- To implement appropriate technical measures (software, security systems, etc.)
- To implement appropriate organizational measure (selection of employees who will be having an access to personal data; preparation and confirmation of Rules for processing of Personal data; informing Data subject about their rights, etc.)
- To ensure confidentiality of Personal Data which is processing in the Company
- To updae technical and organizational measures and rules on processing of Personal data in time
Main requirements for legal entity's request to provide personal data:
- Only necessary personal data can be requested;
- Data subject must be informed about the purspose of collection of his personal data;
- Data subject must be informed about the location and duration of processing of his personal data
- Data subject must be informed about his rights
Preparation of Rules for processing of Personal data
Purpose: to set the provisions on procedure of processing / storing of personal data of employees / candidates for work / clients / Suppliers /etc. and duration of such storing / processing; to set the procedure of ensuring Data subject’s rights and exceptions, etc.
Price: 400 Eur and more (not including the translation fee)
How to get ready?
Preparation of a Non-disclosure (confidentiality ) agreement
Purpose: signing such with the employees (and also with, for example, company which provides you accounting services) will ensure the security/safety of personal data, that is being processed / stored in the company and can be accessed by employee
Price: 200 Eur and more (not including the translation fee)
Review and update of existing agreements in the company
Purpose: if you are not sure whether agreements which are already signed in the company (for example, service agreements with companies providing Clouds or other internal storage) meets the requirements of GDPR, we can review them and provide you recommendations / .
Price: 40 Eur /hour