The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
Since May 2018, the sanctions attached to both the already effective and the new rules on personal data protection have been in force. The rules and policies protecting persons in connection with the processing of their personal data shall, regardless of the citizenship or place of residence of such persons, respect their fundamental rights and freedoms, in particular the right to the protection of their personal data. The GDPR shall contribute to an area of freedom, security and legality, and to economic and social progress. It shall also help to harmonize local economies within the common market and contribute to good living conditions for citizens. The processing of data shall serve people. The right to data protection is not an absolute right; it shall be considered in connection with its role in society and in compliance with the principle of proportionality. It shall be balanced against the other fundamental rights. This regulation respects all fundamental rights and also complies with the freedoms and other principles established by the Charter, which are also stipulated in the Treaties. In particular: respect for private and family life, protection of home, communication and personal data, freedom of thought, conscience, religion, speech, information and enterprise, the right to legal protection and a just legal process, as well as cultural and linguistic diversity.
Current developments create a need for a firm and comprehensive data protection framework in the EU. This shall be based on effective legal enforcement. The final target is to establish trust and confidentiality, which shall contribute to the further development of the digital economy across the whole common market. Persons shall have the opportunity to control their personal data and shall be provided with information on how their data are processed. Finally, the confidence of persons, business entities and public authorities shall be reinforced.
This regulation applies to the processing of personal data of natural persons. It adds new obligations to the current system of data protection and radically strengthens the rules for data administration. The GDPR is obligatory for any entity that administers or processes data. The term "personal data" is relatively comprehensive and includes, for example, technical data such as e-mail addresses, IP addresses, cookies and similar. Therefore, the GDPR applies to a wide range of commercial entities, public authorities and municipalities, and to legal entities established by them. The GDPR is effective against anyone who processes the personal data of EU citizens, and it gives those citizens effective tools to protect themselves against unauthorized processing of their personal data.
The GDPR imposes various obligations but, on the other hand (perhaps as a result of hedging and a wish to create an "emergency exit"), the regulation takes into account technical development, the costs of implementation (technical, organizational) and the relevant risks. This might suggest that the GDPR is only a general regulation and that no changes would be necessary. However, this applies only to entities that already comply 100% with the current data protection rules. It must be underlined that the GDPR threatens, in particular, enormous sanctions and potential legal proceedings. If the GDPR obligations are applied, it will be clear that all data processing is based on ethical principles and that the entity has done everything in the area of data protection.
It is also possible that, even if no data protection policy were implemented, such an infringement could remain undiscovered. However, that would be only good luck, and relying on it is extremely risky.
There is also a reasonable risk of disputes among business entities. The GDPR may be misused to damage a competitor. Such a situation may be accelerated by a notice to the data protection authority from a competitor, a dissatisfied employee, a customer, or even specialized blackmailers. Ignoring the GDPR is not a proper solution. We recommend not only addressing data protection, but also creating positive PR by declaring compliance with the GDPR obligations.