European General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) entered into force on 24 May 2016. It shall be applicable as of 25 May 2018. Its rules shall regulate the processing of personal information at the Union level. The Regulation is intended to ensure the protection of personal information and, on the other hand, to enable free movement of personal data within the European single market.For internationally operating corporations and companies with subsidiaries in multiple member states, the Data Protection Regulations can be advantageous. These market players could possibly standardise data protection throughout Europe, if the IT infrastructures and processes correspond in multiple locations. In this case the Data Protection Regulation can lead to cost saving.

  • The General Data Protection Regulation must be implemented in time. In this regard, we believe that the following standards require the attention of the controller:

  • Article 6 Lawfulness of processing

  • Article 7 Conditions for consent

  • Article 9 Processing of special categories of personal data

  • Article 13 Information to be provided where personal data are collected from the data subject

  • Article 14 Information to be provided where personal data have not been obtained from the data subject

  • Article 15 Right of access by the data subject

  • Article 16 Right to rectification

  • Article 17 Right to erasure (‘Right to be forgotten’)

  • Article 18 Right to restriction of processing

  • Article 20 Right to data portability

  • Article 21 Right to object

Do you have questions about the implications?