1. Private sector and GDPR
dr. iur. Ants Nõmper
7th September 2017

2. 1 2 3 contents Identification of new required implementations
Legislative obstacles 3
IT-technical obstacles

3. 1 IDENTIFICATION ISSUE: Is data protection relevant?
What are the main changes?
Lack of knowledge that data protection is important
Confusion and panic produced by media
No material changes in data protecion in Baltic countries
Data protection will be more important to private sector
Private sector cannot ignore data protection

4. 1 IDENTIFICATION First step: data protection compliance audit
SOLUTION:
First step: data protection compliance audit
Second step: updating documentation, action plans
Third step: data protection trainings to employees

5. 1
EXAMPLE
Lithuanian beauty clinic processed client data, including before-and-after photos
Data security measures were not followed
Client data was leaked
Consequences before GDPR: low fine
Consequences after GDPR: large fine

6. COOPERATION PARTNER CONTRACTS2
LEGISLATIVE OBSTACLES
Common mistakes
CONSENTS
COOPERATION PARTNER CONTRACTS
INTERNAL RULES
Pre-ticked
Internet and use is not regulated
Personal data processing is not regulated
Data subject is not informed of right to withdraw
Employees are not notified of intra- group data transfers
Consent is obtained by TOS

7. 3 IT-TECHNICAL OBSTACLES
Implementing GDPR requires implementing new IT-technical solutions and involving IT specialists on a daily basis;
IT technical solution to comply with data portability requests (GDPR art. 20);
IT technical solution for recording processing activities (GDPR art 30);
IT technical solution to comply with data retention terms;
IT technical solutions for complying with security of processing (GDPR art. 32)
implementing security measures and encryption;
IT technical solution to comply with „need-to-know“ basis access principle;
IT technical solution for complying with data breach notification requirements