What to Be Careful for in the New Rules on Personal Data
Regulation (EU) 2016/679 enters into force today - behind this name lies one of the biggest changes in legal regulations ever made in the world.
It introduces a new level of protection for individuals with regard to the processing of personal data and the free movement of information.
The law changes the rules for companies and institutions that collect, store or handle large amounts of information.
Photo: Lawyer Monthly
"Our concerns are related to the fact that this regulation was created with the idea of protecting EU citizens mainly from large corporations. On the other hand, however, it is rather bulky, can be widely interpreted and in practice, it turns out that a large number of small online merchants cannot afford to apply it. These are 88 pages of legal text, which can be interpreted differently, and this should be done by lawyers, "said Petar Mihaylov, one of the major online trading platforms, to NOVA. He pointed out that the amounts for such legal advice start from BGN 2-3 thousand and to BGN 25-30 thousand, which is an impossible amount for small companies.
EU citizens, including Bulgaria, will now be able to object to the specific ways in which companies use their data, stating, for example, that information can be collected as long as it is not used for a particular purpose.
From today, every Bulgarian who uses the Internet will receive a request for permission from different companies to use their personal and have access to it. Everyone will be able to refuse this request.
Citizens will have an easier access to their data, including more information about their processing.
The Regulation applies to a wide range of personal data, including name, address, and single citizenship number. But it also protects information that can show a person's life both online and in the real world. This includes location data, as well as IP addresses, so-called "cookies" and others that allow users to browse the web.
From now on, everyone has the right to be forgotten and ask companies for information about deleting their databases.
Citizens in Bulgaria will be able to file complaints with the Personal Data Protection Commission if they believe that their rights have been violated. If this is the case, fines for companies may reach € 20 million or more - up to 4% of the previous year's revenue.
Photo: bankinghub Major requirements of GDPR
The law requires companies to notify the supervisor and users within 72 hours of any leakage or breakthrough in the protection of collected personal data. It also requires businesses and organizations to get parents' consent to the processing of personal data of children under the age of 16.
Confidentiality techniques are introduced such as pseudonymization (when identifying fields within a given data record are replaced with one or more artificial identifiers) and encryption (when the data is encoded in such a way that only authorized entities can read them ).
That is why it is important to read all the messages that companies send to us in connection with the new regulation and to give informed consent or disagreement.
Any data processing must already be either with the consent of the user or there should be a legal reason for processing it.
And while for consumers this means more rights and protection, for business these changes have serious, including financial consequences. Particularly strong are the concerns of small online trading companies, which will also have to comply with the new regulation.
It also applies to large databases and public registers, such as the property register, the information collected by attorneys, notaries, and banks.
All employers and companies who process personal data, including when hiring employees, will now need to be able to provide documentary justification for this - the timetable for the process and the procedures, the personal data being processed, the reason for the processing, how they are stored, are they provided to third companies, why and to whom, what are the risks to citizens and the appropriate protection measures. All companies with more than 250 employees will have to keep a record of the processing of personal data.
Lawyer Alexander Kashumov, who is an expert on Access to Information Program said to NOVA, that the new regulation may affect client confidentiality, as it offers a provision that "no secret can be opposed to the checks that will be carried out by the supervisory authority ".
This also applies to the medical secret. The publication of data in journalistic investigations can also be attacked under the new regulation.
"Consumers need to pay more attention to where and what they share. The regulation makes companies remind themselves and that they hold your data. Currently, companies again want your rights with messages they have sent. It's good to read these messages and not accept everything they require, "explained Atanas Raykov, General Manager of Weiber for Central and Eastern Europe.
- » Bulgarian PM Borisov: 130 million Needed for Bridges, Trestles and Viaducts in Poor Condition
- » Registry Agency: As of August 16, Commercial Register Users Could Make Checks by National Identity Number
- » The Poverty Line in Bulgaria for 2019 will be BGN 348
- » Bulgarian Government Approves 11 National Scientific Programs for 2018-2022 Period
- » Putin Ready to Meet North Korea's Kim
- » National Statistical Institute: Household Income in Bulgaria Increased in 2018