25 October will mark five months since the entry into force of the General Data Protection Regulation. There was much confusion before that. Companies wondered whether employees’ birthdays could be printed out and tacked to the wall in the break room. Maybe Christmas presents could no longer be given to employees’ children because that, too, would require the children’s personal data to be “processed”.
The date when the General Data Protection Regulation (GDPR) entered into force, May 25th, came and went with many companies still unsure about what needs to be done to be compliant with the GDPR.
According to the GDPR, people have the right to query data processors about the data they hold about them. People have the right to ask what data a processor holds about them, for what purpose, and what is done to the data. They also have the right to rectify and erase data. To comply with the regulation, the data processor is obliged to reply within 30 days of the request being made.
The new General Data Protection Regulation will enter into force in May 2018. That makes now the last chance for public sector organisations, private sector companies and NGOs to start evaluating whether, and what, changes they need to make in their personal data management systems – in other words, to carry out a compliance assessment.
Grant Thornton Baltic offers an outsourced data protection officer service. Developed in line with the European Union’s Guidelines on Data Protection Officers, the service is charged at a monthly flat fee that is significantly more cost-effective for companies than recruiting an expert for their own team.
What happens if a cyber criminal manages to gain access to critical systems in the "smart house"?