What Do You Need to Know About the General Data Protection Regulation (GDPR)?
As of May 25, 2018, the General Data Protection Regulation (GDPR) will come into effect in the European Union (EU). The GDPR aims to protect the personal data of all residents of the EU, as well as to unify data protection legislation throughout the EU in order to facilitate international business compliance. For the GDPR to apply, the entity collecting the data or processing it must be based in the EU. It will also be applicable in certain circumstances when the data subject is based in the EU, even if the data collector and processor are not.
The GDPR protects the personal data of natural persons only; it does not apply to juridical entities or deceased persons. Personal data, in turn, is defined as any information that relates to an identified or identifiable living individual.
Collecting personal data under the GDPR must be in accordance with explicit consent from the data subject, unless it is necessary for the pursuit of a number of legitimate aims. Data subjects will have a right to access their collected personal data. Moreover, data subjects will have a right to erasure, where they can request the data collector or processor to erase their personal data, absent a legitimate reason to keep it.
The GDPR will replace the 1995 Data Protection Directive, which EU member states had a margin of discretion in applying through their national legislation. The GDPR, on the other hand, is applicable and binding directly in all EU member states. Penalties for non-compliance with the GDPR can reach up to 4% of worldwide turnover or 20 million Euros, whichever is higher.
How to Prepare for the GDPR?
- Inform your clients/customers and employees about their personal data that is being processed, and the purpose for doing so.
- No need to inform individuals if they already know the purpose of processing their data.
- Provide your clients and employees with access to their personal data.
- Keep the personal data only as long as necessary. As such, keep your employees’ personal data only as long as you maintain an employment relationship with them, and keep your clients’/customers’ personal data only as long as you maintain a business relationship with them.
- Limit access to personal data to authorized individuals only.
Should you have any questions or require additional details, feel free to contact us at any time by email (email@example.com) or phone: 02-2404460.
Kamal and Associates Attorneys and Counsellors-at-Law is a leading full-service business law firm. We specialize in the areas of commerce, finance, business law, companies law, labour, social security, taxes, intellectual property, land law, and privacy law, among other domains. Our offices are based in the city of Al-Bireh. We often advise our clients on different matters of law, both inside and outside Palestine.