General Data Protection Regulation (GDPR)

Did you know that General data protection regulation (GDPR) will come in to force in May this year? Not yet? Please find some important information below.

Aim of GDPR

To regulate the principles of collecting and processing of personal data and to ensure that personal data which natural person provides to legal entity is protected and safe.

Consequences of violation of GDPR

Legal entity can be fined up to 20 million euros or 4 percent of annual global turnover (whichever is greater).

* The maximum fine in Lithuania should not reach 100K.

GDPR regulates these questions >>

  • Guidelines for processing of personal data of employees;
  • Guidelines for processing of personal data of clients, suppliers, etc.;
  • Data subject rights (right to receive information; right to be forgotten, right to free movement of his personal data, etc.) and scope of these rights;
  • Appointment of Data protection officer and his competence (it is compulsory for some companies only).

What is "Personal data"?

* GDPR article No. 4

Data whic can identify, directly or indirectly, in particular by reference to

an identifier >>

    • Name, surname
    • An identification number
    • Location data
    • An online identifier
    • One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Obligations of Data Controller

  • To implement appropriate technical measures (software, security systems, etc.)
  • To implement appropriate organizational measure (selection of employees who will be having an access to personal data; preparation and confirmation of Rules for processing of Personal data; informing Data subject about their rights, etc.)
  • To ensure confidentiality of Personal Data which is processing in the Company
  • To updae technical and organizational measures and rules on processing of Personal data in time

Main requirements for legal entity's request to provide personal data:

  • Only necessary personal data can be requested;
  • Data subject must be informed about the purspose of collection of his personal data;
  • Data subject must be informed about the location and duration of processing of his personal data
  • Data subject must be informed about his rights


Preparation of Rules for processing of Personal data

Purpose: to set the provisions on procedure of processing / storing of personal data of employees / candidates for work / clients / Suppliers /etc. and duration of such storing / processing; to set the procedure of ensuring Data subject’s rights and exceptions, etc.

Price: 400 Eur and more (not including the translation fee)

How to get ready?

Preparation of a Non-disclosure (confidentiality ) agreement

Purpose: signing such with the employees (and also with, for example, company which provides you accounting services) will ensure the security/safety of personal data, that is being processed / stored in the company and can be accessed by employee

Price: 200 Eur and more (not including the translation fee)


Review and update of existing agreements in the company

Purpose: if you are not sure whether agreements which are already signed in the company (for example, service agreements with companies providing Clouds or other internal storage) meets the requirements of GDPR, we can review them and provide you recommendations / .

Price: 40 Eur /hour


Save your time – ask us for a help!

Need a help? Or have a question? Contact us!