General Data Protection Regulation (GDPR)

Are you ready for the new regulation?

On 25 May 2018, the General Data Protection Regulation (GDPR) entered into force, which at the EU level harmonizes the standard of personal data protection, including the application of the principles and the sanctioning criteria. The General Data Protection Regulation is binding and directly applicable to all organizations that process personal data, and non-compliance with this regulation represents a financial and reputational risk in an environment that increasingly values personal data

The new regulation, GDPR (General Data Protection Regulation), introduces a number of changes to the rules governing the protection of personal data, such as:

  • obligation to apply personal data protection at the design phase (e.g. for IT solutions)
  • obligation to maintain a record of processing activities
  • obligation to perform a privacy impact assessment
  • obligation to notify the data protection authority of data protection breaches

Failure to comply with the provisions of the new regulation may result in the imposition of a financial penalty by the data protection authority (up to EUR 20 million or 4% of annual turnover ).



Contact us

Tamara Macasovic

Partner, Audit & Assurance Services, PwC Croatia

Tel: + 385 1 6328 843

Dzenet Garibovic

Croatia Legal Leader, PwC Croatia

Tel: +385 1 63 28 803

Bruno Curcija

Senior Manager, PwC Croatia

Tel: +385 (1) 6328 887

Stay connected: