aA
The General Data Protection Regulation, or GDPR, may sound like one more arcane package of rules coming from Brussels, but saying it’s “a big deal” does not even begin to cover it. The directive will affect every company inside the EU, as well as those outside the EU, doing business with EU citizens when it comes into effect on 25 May. Preparing for it requires quite extensive legal and IT resources. Aurelija Rutkauskaitė, attorney at the legal firm Triniti, and Stein Ove Sektnan, managing director at customer relations management firm SuperOffice, acquainted the attendees of the monthly European Business Network business breakfast with the challenges of meeting the GDPR and offered tips how to deal with them.
The General Data Protection Regulation seminar
The General Data Protection Regulation seminar

The GDPR is coming into power throughout the EU replacing national personal data protection regulations. While countries like Lithuania may have had strict rules all along, what is different with the GDPR, according to Ms. Rutkauskaitė, is that compliance will be enforced much more strictly. Organisations will have to actively show that they do comply.

Personal data includes anything from name and email address of a shop's loyal customers and IP addresses of a website's visitors to patient files held by hospitals and everything that Facebook may know about its users. Virtually every business, non-profit or public sector organisation does collect, to a greater or lesser extent, some personal data about individuals, be it their employees, clients or associates. Ms. Rutkauskaitė says that ensuring compliance with the regulation will require considerable resources and, in many cases, outside assistance from legal and IT specialists. To upgrade their client data management systems, Lithuanian banks are said to be spending in the hundreds of thousands of Euros.

Compliance with the GDPR, says Mr. Sektnam, is not unlike weight watching – while outside consultants can give advice ("Eat healthy and exercise"), it is up to the organizations to make sure that they comply – and suffer consequences, if they don't.

The new regulation is, of course, great news for individuals who are getting significantly greater control over the collection and use of their personal data. No longer will service providers be able to indiscriminately store information and use it for whatever purposes they please at a tick under a vaguely phrased terms and conditions agreement. Users will need to give explicit consent to have their personal data collected and be informed about specific purposes that it will be used for. Moreover, they will have the right to review what organizations know about them and request "to be forgotten". "Google should not know more about me than I do," Mr. Sektnam joked.

His company, SuperOffice, offers businesses customer relations management systems. While based in Vilnius, it sells its products in seven EU countries (although not in Lithuania) and is the market leader in all but one of them. The stricter regulations, Mr. Sektnam says, are a business opportunity for the companies like his – after all, organizations will need efficient ways to process data in a transparent, confidential and manageable way.

After May 25, the GDPR will apply to not just data collected after that date, but all data. This means that companies will need to re-acquire their clients' consent for the information they already store – and here they can find themselves in a bit of a catch-22 situation. Several companies, including "Honda", have been fined for mass-emailing consent requests to their clients, may be considered spamming by regulators and the illegitimate use of personal data. Ideally, Ms. Rutkauskaitė says, companies should wait for their clients to approach them and only then ask them to renew consent. In many cases, however, that may be impracticable – and so companies may need to rely on the regulators' understanding and hope for small fines.
The monthly European Business Network's (EBN) business breakfast was hosted by the Embassy of Ireland at the Holiday Inn in Vilnius.

|Populiariausi straipsniai ir video

To start or not to start fintech company during recession?

Microsoft, IBM, HP, Disney, FedEx, 3M. What do these companies have in common? They started their...

Lithuania asks Slovenia to hand over detained businessman Kucinskas

Lithuania's Prosecutor General's Office has asked Slovenia to hand over Vidmantas Kucinskas , the...

Sapoka: country's economy is withstanding pandemic challenges very well (1)

Lithuania's economy is coping very well with challenges induced by the coronavirus crisis, and the...

Zalatorius steps down as head of Lithuania's banking association

Mantas Zalatorius , suspected of corruption, is stepping down as head of the Association of...

Coronavirus-triggered economic crisis less severe than in 2009

Lithuania's gross domestic product contracted by 3.7 percent in the second quarter of 2020 from a...

Top news

President and staff isolate after member had contact with COVID-19-infected person

All staff members of the Lithuanian presidential office , including President Gitanas Nauseda, are...

Minister: key scenario is to start academic year normally

The key plan is to start the upcoming academic year normally but with extra security requirements,...

Lithuania asks Slovenia to hand over detained businessman Kucinskas

Lithuania's Prosecutor General's Office has asked Slovenia to hand over Vidmantas Kucinskas , the...

Spaniard: love for history of the Baltics propelled to come to Lithuania

Ernesto Domingo Fuentes, 26, hails from Jaen, which is Spain’s olive oil capital. It produces 20% of...

To start or not to start fintech company during recession?

Microsoft, IBM, HP, Disney, FedEx, 3M. What do these companies have in common? They started their...

|Maža didelių žinių kaina