GDPR and personal data protection

The law firm Musil and Partners also provides legal advice in the area of personal data protection, which is regulated primarily, but not exclusively, by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as 'GDPR'). Despite the opinion of many, this legislation has a so-called direct effect. It is therefore necessary to comply with this provision now, when its binding force and enforceability do not directly require local law, as is the case with directives.

Unfortunately, the media was full of large number of expert but also full of less expert opinions, launched tactically not long before the GDPR became effective, has caused great concern for many entrepreneurs but also for non-entrepreneurs. However, in our opinion, in most cases these concerns are unfounded, with the result that there are only minor changes in legislation compared to its previous form. Some obligations become stricter, others arise completely new, but others may be completely dropped. Unfortunately, the influx of large amounts of information in the field of personal data protection at the outset of GDPR has made most potential controllers unaware of a fundamental problem, such as the substantive scope of the regulation.

It is true that GDPR is, from the point of view of an ordinary entrepreneur, who uses personal data only marginally, relatively strict and somewhat confusing legislation. In such a situation, the layman is relatively easily frightened by the maximum amount of fines that, according to the GDPR, can be imposed for delinquencies. However, it is only matter of time that they find out that the supervisory authority does not even have to impose a fine in any case.

In our opinion, the maximum limit of possible fines for violations of selected GDPR provisions was chosen especially for the largest players on the world market, whose main activity is precisely the operations with personal data. Such personal data controllers can most misuse their data, or they can be the target of entities illegally extracting personal data from the records of administrators. Indeed, the largest personal data controllers should be encouraged to comply with the provisions of the GDPR by appropriate sanctions, but this does not mean that they will automatically be fined at the maximum possible level.

The controllers of personal data, especially entrepreneurs, are obliged to comply with the provisions of this regulation from the first day of its effect, i.e. from 25 May 2018, regardless of the adoption of the domestic law.

Legal services provided by the Law Firm Musil and partners consist mainly of legal audits of documents prepared so far, when we modify clients all necessary documents to ensure compliance with GDPR, but at the same time we are ready to prepare documents for ensuring compliance of your internal processes from the beginning. We also provide clients with instructions on how to proceed in the management of data or documents containing personal data in general, or we work according to specific tasks or needs of the client. Training provided to private entities for their employees or collaborators is certainly not an exception.