General Data Protection Regulation (RGPD) came into force in the European Union

Home Blog General Data Protection Regulation (RGPD) came into force in the European Union

On May 25, 2016, the General Data Protection Regulation (RGPD) came into force in the European Union (EU), which will replace the current regulations in force and which will begin to be applied on May 25, 2018. This Regulation seeks to harmonize the fragmented legal framework of data protection in the European Economic Area (EEA), but also gain confidence and ensure that the consumer’s right to privacy is respected by companies in the global digital economy. This is the reason why the jurisdiction of the RGPD does not intend to stop at the borders of the EU, which raises the issue of extraterritoriality.

The field of application will cover not only entities that deal with personal data that are within the European territory, but also companies or entities from around the world that process personal data as part of the activities of one of its branches established in the EU. , regardless of where the data is treated; or companies established outside the EU that offer products or services (paid or free), or observe the behavior of citizens or residents of the EU.

The RGPD guidelines define the above situation when ‘people are followed on the Internet’. This includes the potential use of profiling techniques to make decisions about the people involved or to analyze or predict their purchasing preferences, behaviors or attitudes. An example would be the case of a travel agency or hotel operator in Panama that creates profiles of its Spanish, Italian, German and Polish clients to offer them offers for other trips or stays.

Likewise, all public bodies and economic borrowers, such as banks and lawyers, must adapt to the obligations of the RGPD, among which the designation of a Data Protection Officer (DPO), who stands out must have legal knowledge and experience in the field of data protection.

The marketing sector of companies will be strongly impacted by this regulation, having to seek the consent ‘free and unambiguous, provided through clear affirmative action’, for any action you want to carry out with the data of your customers Europeans (no more sending of ‘mails’ ‘BtoC’ en masse). The consent, in addition, can not be tacit nor can be provided through pre-marked boxes. Personal data includes ‘cookies’ and IP addresses.

Companies will also have the obligation to inform their clients within a maximum period of 72 hours if a security breach occurs that has endangered the privacy of their data. The RGPD also establishes the principle of active responsibility, better known as ‘accountability’, through which it is intended that companies are responsible for adopting the relevant measures that minimize the possible negative impact of their actions and can demonstrate it.

On the other hand, the RGPD gives European customers or consumers the ‘Right to Oblivion’, which allows any person to demand the removal of their data from Internet search engines, or the ‘right to portability’, which empowers the interested party to recover a copy of their personal data to transmit it to another company.

The violation of the RGPD contemplates a sanctioning regime for the company with fines that vary according to its own breach and that can reach amounts of up to 20 million euros or four percent of the total annual total business volume of the previous financial year, in addition to the serious consequences in the confidence of its clients and entail negative effects for its reputation.

The principle of ‘Privacy by Design’ is another novelty to refer to the obligation for companies to address the technical and legal aspects, in order to take into account the privacy laws at the time of the design of the APP or software, not after AS SAID BY Ismael Gerli Attorney

As regards the transfer of personal data to non-EU Member States, the RGPD confirms the principle that the data controller can only transfer personal data to a third State if it provides an adequate level of protection, rights and freedoms of the people affected. Additionally , Ismael Gerli said The regulation also emphasizes the ‘adequacy decision’ that the European Commission can make through which any transnational transfer can be made without specific authorization. In this regard, in the Latin American region, the European Commission only recognizes Argentina and Uruguay as countries that guarantee an adequate and reliable level of protection to do business. In the absence of an adequacy decision, the transfer can be made through the establishment of adequate guarantees and provided that people have required rights.

Oleg - Klaipeda
I have worked with Gerli & Company for a number of years and have known Ismael Gerli, for over a decade. When it comes to detail, no questions to be asked, Ismael Gerli, knows how to run ships in rough waters. Thumbs Up
Well-known reputation
I was very pleased that I chose Gerli & Company some two decades ago, to represent me in my companies spin off, ever since we have set up and organized both onshore and offshore structures through Gerli & Company, whom have proven highly skillful. Our group exceeds 100 corporate structures and Panama Private Foundations. Their credibility and well-known reputation has been key to our success.
Attention to detail
I have worked with Gerli & Company for a number of years and have known Ismael Gerli, for over a decade. When it comes to detail, no questions to be asked, Ismael Gerli, knows how to run ships in rough waters. Thumbs Up
Very professional and proficient
I have the utmost appreciation and respect for the Gerli & Company Law Firm. Our case was complex and it included a number corporate structures and registration of vessels in four flag registries. There were multiple lawyers and paralegals assigned to us, from both Panama and Miami office. All with whom I communicated with was indeed professional and proficient in their role. They definitively exceed the expectations of their clients. The team worked earnestly towards structuring what we needed, a strong validation as well for the Gerli team in Ft Lauderdale and Marshall Islands Registry staff.
Sound guidance
I contacted Gerli & Company based on their stellar reputation supporting real estate and second citizenship program immigration process in Dominica. Ismael Gerli, and his team provided sound guidance when addressing my request on application and additional requirements. They were truly committed, treated me professionally, and most importantly provided realistic expectations masterfully. Thank you Ismael and staff for your overwhelming support and final success on our application, both Katerina and myself are grateful and happy with our new passport.
Extremely knowledgeable and professional
I worked with Gerli & Company team on an Maritime labor dispute within our hear office in Panama City, involving gender grade group assignment. I am certain the firm had many other cases, however, I felt like I was a priority to the firm, and mostly to the staff assigned to our case. We had 24/ 7 communication while we visited Panama, they were reachable at all times and worked hand to hand with me during the entire process. Staff members, and legal assistants to the partners, had cutting knowledgeable and professionalism at its best. Without question, what was perceive as unpleasant, became more tolerable.