After a year after GDPR integration conditions are still discussed

Ineta Garnele, Certified data protection expert, Sunstar Group lawyer.

Year ago, 25 of may year 2018, new private data protection (GDPR – General Data Protection Regulation) regula had take an effect. For most bussinesmen this got inconveniences caused by positions of regula asking stored private data to be checked. Why it is so important to any company to pay attention to GDPR? Was the regula integration successfull and what has changed for the last year?

Data protection law has been running from year 2000 in Latvia and in year 2018 it became actual again. In general nothing changed, just penalties for serious violations were defined, till 10-20 millions euro or 2-4% from year`s turnover. That`s why we could see active discussions in social networks.

During this year Work Inspection with other experts provided consultations about GDPR.

In spite of this, lots of businessmen still doesn`t care of it, but others seriously obay the rules, estimate the risks and spend all necessary events to prevent them.

Anyway, penalties should not be the only reason to integrate GDPR. Society becomes more educated in private data security, and, obaying these requirements, businesman shows that he cares trusted information security, increasing client`s trust to his company this way.

For different companies GDPR  integration is still actual . What can be done? 

It is very important to understand, that private data processing should be legal and honest. Regula`s requirements related not only to large companies, but also to middle and small. Client`s, employee`s, partner`s private data processing should fit  in according with regula`s requirements. It is very important also to understand the way of storing this data and whether gathered information is really necessary for concrete purpose. Necessary to pay attention, that collecting and storing  will be legal only in case of fiting to one of six regula`s requirements. For fully legal information processing cooperation should be not only inside the company, but also with clients.

Year after regula`s integration it is clear, that still big job should be done. Providing consultations to businesmen, we can make conclusion, that still are lots of questions about regula`s integration practise, but anyway we hope that attitude to work with data will be changed, in spite of problems either in private either in public sectors.  Took places also cases of  regula`s integration in very hurry, that ended with formal requirement`s obaying with just next folder with papers.

In hurry integrated changes not always quality and in practise not functioning. As far as one of the possible risks is external, do not forget about internal kind of risks, such as inattention of employee, sabotage, illegal disclaiming to third party, that usually caused by lack of knowledges of staff. That`s why  obaying the rules, including staff education, is neccessary and it should not be only formal. This is one of most important conditions, because exactly employees are in touch with private data, completing routine jobs. Employers should understand, that they are responsible for legal collecting and storing information.

From the date of regula was accepted, Work Inspection, as was mentioned, usually provided consultations, assigning  penalty only in seldom cases. This maybe a reason, why businesmen delayed with new requirement`s integration. At the moment there are first penalties till 50 millions euro even in Lithuania.  As far as necessary integration events are very expensive and need human resources, also related with IT system modernization, this is long-term investition, paying attention that it`s ignoring could cost much more expensive.