General Data Protection Regulation (GDPR)

Are you ready for the new regulation?

On 24 May 2016, a new EU regulation on the protection of personal data entered into force. The regulation is binding and is directly applicable to all establishments which use personal data for their business purposes. The new law is binding in all 28 European Union countries and replaces the currently binding local personal data protection law.

Currently, we are in the preparatory period for businesses to implement the requirements of the regulation, which will be fully applicable from 25 May 2018 onwards.

The new regulation, GDPR (General Data Protection Regulation), introduces a number of changes to the rules governing the protection of personal data, such as:

  • obligation to apply personal data protection at the design phase (e.g. for IT solutions)
  • obligation to maintain a record of processing activities
  • obligation to perform a privacy impact assessment
  • obligation to notify the data protection authority of data protection breaches

Failure to comply with the provisions of the new regulation may result in the imposition of a financial penalty by the data protection authority (up to EUR 20 million or 4% of annual turnover).

Contact us

Tamara Macasovic
Partner, Audit & Assurance Services
Tel: +385 1 6328 843

Dzenet Garibovic
Croatia Legal Leader
Tel: +385 1 63 28 803

Bruno Curcija
Risk Assurance Manager
Tel: +385 (1) 6328 887
