GDPR

Law 

GDPR in practice: The General Data Protection Regulation starts achieving its intended goal

For a number of companies and consumers, 25 May 2018 was a revolutionary milestone in terms of personal data importance. Partly given the significant attention paid by the media, consumers and organisations started recognising their respective rights and obligations. The regulation, which was approved in April 2016 and came into effect two years later, resulted in a number of changes in the functioning of the affected organisations. What changes were they? What is the public perception of the GDPR? Has anything changed in practice at all? 

7. 3. 2019
Law 

Google Receives a Fine of EUR 50 Million for Violating the GDPR

On 21 January 2019, the French equivalent of the Czech Office for the Protection of Personal Data (the “OPPD”), Commission nationale de l'informatique et des libertés (the “CNIL”), imposed a fine of EUR 50 million on GOOGLE LLC for violating the General Data Protection Regulation (the “GDPR”). The fine was imposed for lack of transparency in processing personal data, for insufficiently informing data subjects, and for invalid consents relating to the personalisation of advertising. This is by far the greatest sanction imposed to date since last May, when the Regulation came into effect. 

27. 1. 2019
Law 

11 pieces of advice and recommendations to get the better of the personal data protection regulation

The General Data Protection Regulation or the GDPR was one of the most discussed topics last year. Its compulsory implementation in practice, which occurred in May 2018, was preceded by stormy debates, careful preparations of stakeholders and uncertainty about the practical consequences the regulation would produce. At a business breakfast held at the end of the last week, we assessed the first six months of the GDPR’s implementation. We have selected the 11 most interesting pieces of advice and recommendations to help you find out whether the steps you have taken are in line with the regulation and what to do to achieve compliance. 

22. 1. 2019
Law 

GDPR: The Mystery of Shredding Printed Documents

As a consequence of the General Data Protection Regulation (the “GDPR”) taking effect, the Detective has a growing number of cases to resolve. This time, the Detective is inspecting the rules for shredding physical documents containing personal data. Did you know that the storage limitation rule requires, inter alia, keeping the processed personal data for no longer than is necessary for the purposes for which they are processed? 

4. 6. 2018
Law 

The Joys and Sorrows of HR Specialists: How Will the GDPR Affect Databases with CVs and Other Employee Data?

Contact details, CVS, photographs and videos from corporate events only constitute a fragment of the data handled by HR specialists on a daily basis. HR departments process a large volume of personal data concerning both existing and previous employees as well as job applicants. However, the new General Data Protection Regulation (GDPR) requires setting new rules and verifying whether consents to personal data processing comply with the GDPR. If not, penalties may apply. 

24. 4. 2018
Law 

GDPR: The Mystery Regarding the Personal Data Retention Period to Be Resolved by the GDPR Detective

The Detective was assigned to a new case. The Detective needs to resolve whether company ABC which processes e-mail addresses to send marketing offers does not retain personal data too long. Is the company prepared for the changes to be introduced in May 2018? What are the measures which the company needs to take to meet the GDPR requirements? Can your company identify with this mystery? 

28. 3. 2018