The personal data protection system is changing. From May 25, 2018, entrepreneurs will be bound by RODO, the EU regulation on the protection of personal data. RODO, or EU GDPR (European Union General Data Protection Regulation) is the EU regulation on the protection of personal data.
The regulation of 27 April 2016, adopted by the European Parliament and the Council of the European Union, aims to ensure the safe and free flow of personal data between the Member States of the European Union. RODO also assumes the unification of the principles of processing personal data within the EU and adapting them to the present day.
The Regulation applies to all entrepreneurs who process personal data on EU territory, and therefore have personal data of clients, contractors, etc. Information such as name, surname, address, PESEL, gender, e-mail address, IP number, purchase history, location. The form of conducting business is irrelevant, and micro-enterprises must also apply to the EU regulation. RODO increases the scope of information that clients can receive from personal data administrators.
The EU Regulation does not provide specific guidance on how the personal data register is to be kept. According to RODO, the companies themselves are to define their information resources, estimate the risk related to data processing and implement appropriate safeguards.
RODO comes into force on May 25, 2018. Entrepreneurs who do not comply with the regulations may be fined up to EUR 20 million or an amount equal to 4% of the total annual turnover (from the year preceding the infringement).
