We use cookies in order to improve the usability of the site. By continuing to use the site, you agree to the Website Terms and Conditions and consent to the processing of your personal data. Please see our Privacy Policy for more information about cookies and how to delete or block them.
  • General Data Protection Regulation: basic concepts and principles of application
Article:

General Data Protection Regulation: basic concepts and principles of application

22 July 2021

Basic concepts of GDRP

Personal data is any information related to an identified or identifiable individual (data subject), by which it is directly or indirectly possible to identify them.

The type of personal data is determined depending on the complexity of obtaining, the degree of secrecy and the rights to use by third parties. Personal data is divided into: biometric personal data; genetic personal data; publicly available personal data; sensitive personal data.

The GDPR provides for a clear and transparent differentiation of each of the subjects of personal data:

  • controller is an individual or legal entity, state body, institution or other body that independently or jointly with others determines the purposes and means of processing personal data;
  • processor is an individual or legal entity, state body, institution or other body that processes personal data on behalf of the controller;
  • data subject is an individual whose data is being processed.

Territorial scope of action

The main feature of this regulation is the extraterritorial principle of action for the protection of personal data, in particular the processing of personal data, in connection with which companies registered in the Republic of Belarus and conducting business focused on the European and international markets (including the processing of personal data of individuals from the EU) should take this regulation seriously and optimize the processing of personal data for compliance with the GDPR.

Monitoring compliance with the GDPR does not imply an obligation to adopt national laws and may have an effect directly on operators.

Principles of processing personal data under the GDPR

The GDPR sets out 6 basic principles for the processing of personal data:

  • lawfulness, fairness, transparency;
  • purpose limitation;
  • data minimization;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality.

Both the controller and the processor are obliged to ensure compliance with the GDPR in all fundamental areas/specifics of doing business: conclusion of an agreement between the controller and the processor; development and implementation of local regulations; cryptographic protection of personal data; immediate response and restoration of access to personal data in case of loss or incident, etc.

Liability in case of violation of the rules of personal data processing

Violation of the rules for personal data processing entails the announcement of an admonition or the imposition of fines, which are of a strict and exceptional nature. Liability for violation of the GDPR can reach 20,000,000.00 Euros or 4% of the company's annual global income (depending on which amount is larger).

In addition, the following measures can be applied for non-compliance with the GDPR:

  • compensation for any damage that the data subject may suffer when processing personal data in violation of the GDPR;
  • risk of refusal of cooperation on the part of European/international partners, which entails a break in business relations.

Please note that regardless of whether your company is an operator/controller or an authorized person/processor, the controller must formalize a partnership in the process of doing business exclusively with those processors who comply with the requirements of the GDPR.

What we offer

BDO in Belarus offers to assist your business in a competitive business environment in the European Union market and help to:

  • conduct an analysis of the specifics of your company's business and determine whether your company is obliged to comply with the GDPR requirements and determine a strategy for implementing the GDPR;
  • evaluate the effectiveness and security of software products implemented in the company, processes and information bases for compliance with the GDPR;
  • prepare local regulatory legal acts, policies, processes regulating the protection of personal data for the purpose of adapting the team to the requirements of the GDPR;
  • provide services for the implementation of personal data protection policies in accordance with the requirements of the GDPR;
  • optimize the company's business processes in the context of personal data protection and confidentiality, including interaction with European/international counterparties, as well as raising awareness within the company on both the market of the Republic of Belarus and the international market;
  • provide a wide range of services and solutions related to the protection of personal data on any issue that arises regarding the procedures for processing personal data.

 

Experts:

Ekaterina Kostinevich

Partner / Tax&Legal, Business process outsourcing

BDO in Belarus

 

Angelina Satsuk

Associate

BDO in Belarus