General Data Protection Regulation: basic concepts and principles of application

Basic concepts of the GDPR
Personal data is any information relating to an identified or identifiable natural person (data subject), i.e. a person who can be identified, directly or indirectly, from that information, alone or in combination with other data.
The GDPR does not grade personal data by how hard it is to obtain or how secret it is; instead it singles out "special categories" of personal data (Article 9) whose processing is prohibited unless a specific exception applies: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data processed to uniquely identify a person, and data concerning health, sex life or sexual orientation. Data that the data subject has manifestly made public is not a separate category; it is one of the exceptions under which special-category data may be processed, and it remains personal data subject to the rest of the Regulation.
The GDPR clearly distinguishes the roles of the parties involved in processing:
- controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- data subject is the natural person whose personal data is being processed.
Territorial scope of action
The main feature of this regulation is its extraterritorial scope (Article 3). It applies not only to controllers and processors established in the EU, but also to those established elsewhere when they offer goods or services to data subjects in the EU (whether or not payment is required) or monitor the behaviour of data subjects within the EU. Companies registered in the Republic of Belarus that do business focused on the European and international markets, including the processing of personal data of individuals in the EU, should therefore take this regulation seriously and bring their processing of personal data into compliance with the GDPR.
As an EU regulation, the GDPR applies directly in the Member States without any need for national implementing laws, and its obligations bind controllers and processors directly.
Principles of processing personal data under the GDPR
Article 5 of the GDPR sets out six basic principles for the processing of personal data, together with the accountability requirement that the controller must be able to demonstrate compliance with them:
- lawfulness, fairness, transparency;
- purpose limitation;
- data minimization;
- accuracy;
- storage limitation;
- integrity and confidentiality.
Both the controller and the processor are obliged to ensure compliance with the GDPR in every fundamental area of doing business: concluding a data processing agreement between the controller and the processor (Article 28); developing and implementing internal policies and procedures; applying appropriate technical and organisational security measures, such as pseudonymisation and encryption of personal data (Article 32); responding to incidents without delay, including the ability to restore the availability of and access to personal data in a timely manner after a physical or technical incident, and notifying personal data breaches where required (Articles 33 and 34); etc.
Liability in case of violation of the rules of personal data processing
Violation of the rules for personal data processing may result in a reprimand from the supervisory authority or in administrative fines, which must be effective, proportionate and dissuasive in each individual case. For the most serious infringements, fines can reach EUR 20,000,000 or 4% of the company's total worldwide annual turnover for the preceding financial year, whichever is higher.
In addition, the following measures can be applied for non-compliance with the GDPR:
- compensation for any material or non-material damage that a data subject suffers as a result of processing carried out in violation of the GDPR;
- the risk that European/international partners refuse to cooperate, which leads to a break in business relations.
Please note that, regardless of whether your company acts as an operator/controller or as an authorised person/processor, a controller may only engage processors that provide sufficient guarantees of compliance with the GDPR requirements, so non-compliance effectively excludes a processor from working with EU controllers.
What we offer
We offer to assist your business in the competitive environment of the European Union market and help you to:
- analyse the specifics of your company's business, determine whether your company is obliged to comply with the GDPR requirements and define a strategy for implementing the GDPR;
- evaluate the effectiveness and security of the software products, processes and databases used in the company for compliance with the GDPR;
- prepare internal regulations, policies and processes governing the protection of personal data so that your team can adapt to the requirements of the GDPR;
- provide services for implementing personal data protection policies in accordance with the requirements of the GDPR;
- optimise the company's business processes in terms of personal data protection and confidentiality, including interaction with European/international counterparties, and raise awareness within the company of the requirements applicable on both the market of the Republic of Belarus and the international market;
- provide a wide range of services and solutions related to the protection of personal data on any issue that arises regarding personal data processing procedures.
Experts:
Ekaterina Kostinevich
Partner / Tax&Legal, Business process outsourcing
Angelina Satsuk
Associate