Personal data protection

The General Data Protection Regulation came into force in 2018 and sets out mandatory rules for all businesses, regardless of their country of registration, for the processing, storage, and use of personal data of citizens and residents of the European Union.

This is any information which is related to an identified or identifiable natural person e.g. name, identification code, nickname, date of birth, etc. depending on the situation. Various information that is collected may reveal the identity of a specific person and therefore be considered personal and subject to regulation in accordance with the rules of the GDPR.

If you have a customer base that are EU residents, employees that are EU residents, or you have a website, then most likely you work with personal data and you must comply with personal data protection and GDPR requirements. To determine the type of personal data you work with, we recommend to conduct a personal data protection audit (GDPR audit).

If you or your company collects, processes or stores personal data of EU residents and citizens, you must comply with the requirements of the GDPR. In this case, you will also need to have a data protection representative in the EU.

You will need to conduct an audit of working with personal data. During the audit, you will need to: determine the data you collect, process or store, and the nationality or residence of the persons whose data you collect; identify the sources from which you obtain personal data; identify other persons to whom you transfer the collected personal data, as well as check the methods of data storage, etc.

Companies that are located or registered outside the EU, but collect, process or store personal data of EU citizens or residents, require an authorized representative in the European Union for the protection of personal data. It is not necessary to open your own office in the EU; it is enough to find professionals who provide such a service.