Despite one of the main goals of the EU General Data Protection Regulation (GDPR) being to harmonise data protection law across the EU, it does allow the individual member states to introduce broad derogations concerning national security, the prevention of crime and the enforcement of civil claims, when fundamental rights to data protection are guaranteed and derogations themselves are necessary and proportionate.
Although it is cold as I am writing this, spring is here and summer is right around the corner. A number of important events are on the way – the wildly popular Game of Thrones wrapped up its last season and the GDPR celebrated its first birthday. What is the temperature like in Estonia in the field of personal data protection – lukewarm, ice-cold or smoking hot?
How to protect your company? Five most important recommendations for ensuring cyber security. The biggest targets of this new brand of bandits are companies that own and process large amounts of data and companies whose cybersecurity measures are lagging behind the times.
A year has passed since the General Data Protection Regulation (GDPR) entered into force on 25 May 2018. The main purpose of the regulation is to give individuals more control over what data about them is processed. The GDPR also applies to employment relations where the employer processes personal data of employees.
The most talked-about piece of legislation last spring was undoubtedly the General Data Protection Regulation, or GDPR as it is known, which came into force on 25 May 2018. As a regulation, it applies directly to all of the EU member states. Why did we need the GDPR, which, if popular opinion is to be believed, is an act of pointless bureaucracy, doesn’t improve the protection of privacy rights of individuals and increases the administrative burden of companies?
25 October will mark five months since the entry into force of the General Data Protection Regulation. There was much confusion before that. Companies wondered whether employees’ birthdays could be printed out and tacked to the wall in the break room. Maybe Christmas presents could no longer be given to employees’ children because that, too, would require the children’s personal data to be “processed”.
The date when the General Data Protection Regulation (GDPR) entered into force, May 25th, came and went with many companies still unsure about what needs to be done to be compliant with the GDPR.
According to the GDPR, people have the right to query data processors about the data they hold about them. People have the right to ask what data a processor holds about them, for what purpose and what is done to the data. They also have a right to rectify and erase data. To comply with the regulation, the data processor is obliged to reply within 30 days of the request being made.
The new General Data Protection Regulation will enter into force in May 2018. That makes now the last chance for public sector organisations, private sector companies and NGOs to start evaluating whether they need to make changes to their personal data management systems, and which ones – in other words, to carry out a compliance assessment.
Grant Thornton Baltic offers the option of outsourcing the data protection officer service. Developed in line with the European Union’s Guidelines on Data Protection Officers, the service is charged at a monthly flat fee that is significantly more cost-effective for companies than recruiting an expert for their own team.
What happens if a cyber criminal manages to gain access to critical systems in the "smart house"?