Today’s world strives to adapt to continue functioning, retain economic stability and society’s welfare.

In this new reality, businesses are in a high anxiety state and undertake intensive actions to secure their staff and retain business relations with clients, shareholders, stakeholders, and partners.

Even though the crisis is critically affecting our way of life, there are intricate business alerts that entrepreneurs should not neglect and seek ASAP the assistance of professional legal advisors and consultants to confront them successfully.

Business Alerts

Business Endurance

Businesses should form an effective business continuity plan with strategies that target the business’s continuation.

Professional legal assistance is needed when forming the business continuity plan to safeguard that the business fully complies with the legislative framework, i.e.:

• contractual relationships
• employment contracts
• compliance of the industry with its obligations before governmental authorities
• business relationships of company’s affairs with employees, clients, suppliers, shareholders, and stakeholders.

Business Insurance Coverage

In today’s business environment, many companies have business insurance coverage plans.

Consequently, the company’s legal advisors should thoroughly examine the insurance policies and coverages to identify if compensations for the COVID – 19 pandemic exist.

It is noteworthy to mention that all insurance contacts are subject to high variations when coverage policies and exemptions are concerned.  Chambersfield Economides Kranos lawyers can evaluate your business insurance contract and identify possible coverages according to the contractual and related pandemic litigation, as well as determine the coverage percentage of the cause.

Employment Law

Almost all the governments of the world, during the pandemic outbreak, issued supportive measures and degrees to safeguard business operations, social welfare and prevent mass layoffs.

Moreover, governments issued a safety and security degree for tackling the pandemic effects and provide a healthy, hazard-free workplace environment to all employees.

Despite the government’s efforts, many people have wrongly or unfairly being dismissed from their employment. Unfortunately, many of them were unaware of legislative and/or regulatory provisions aiming to safeguard their legal rights.

An unlawful employment dismissal depends on the individual situation and may violate the Termination of Employment Law, Violation of Constitutional Human Rights, or Breach of Employment Contract.

Subsequently, before proceeding with employment termination, businesses should consult their legal advisors to determine if there is a violation of employment rights.

Privacy and Security

There are many questions concerning network privacy and security on remote work, especially today that social distancing is promoted as a prevention measure of Covid-19 pandemic spread.

Due to pandemic measures, “business as usual” is disrupted, and the vast majority of companies proceeded with the introduction of remote work to maintain their sustainability.

At the same time, the implementation of “working from home” raised safety questions to companies regarding:

• The disclosure of sensitive data processed or saved in the company’s systems,
• Possible unauthorized access or disclosure of data,
• Unsecured Networks that are vulnerable to viruses, malware, etc.

Consequently, companies, to overcome those problems, should assess their policies:

• of remote access in their systems and develop regular risk checks,
• adopt continuous monitor techniques,
• and enhance employees’ security access points by implementing double system authentication techniques and encryptions.

Besides, special attention should be given to employees’ training and system defense mechanisms to prevent spear phishing, whaling, smishing, and vishing that flourish during a crisis.

Concurrently, companies should define their policies for gathering and receiving health-related information about their visitors, employees, and third parties to be fully compliant with the EU General Data Protection Regulations (GDPR).

The needs of each company vary according to the nature of the business operations and activities. For privacy matters and GDPR compliance, it is highly recommended to seek the advice of the professional lawyers of Chambersfield Economides Kranos.

It is noteworthy to mention that companies that do not implement the appropriate measures may face sudden threats and consequences.

Contractual Relationships

The coronavirus pandemic has undeniably affected the world economy and created massive negative impacts on all commercial contacts and activities.  Countless trade contracts were affected, and many business transactions were canceled or postponed.

Also, concerning contractual relationships, the pandemic has raised reasonable questions of who will be accountable and bear the financial losses of not meeting the contract obligations.

Additionally, a wise confrontation should be the implementation of crisis management strategies that will help in minimizing the effects of the outbreak i.e.

• Negotiation attempts will involve parties with suggestions that may solve the problem.
• Implementation of relief strategies
• Formation of a Contingency plan
• Legal risk analysis
• Revision of contract clauses
• Governing law, etc.

It is also highly recommended for overcoming contractual relationship vulnerability to seek the consultation of Chambersfield Economides Kranos, legal and business consultants.

The firm’s legal consultants can help form a crisis management plan, which will contain actions that will safeguard your firm’s contractual relationships and business operations.

Financial Concerns

Many companies and individuals have experienced financial distress for their earnings, cash flow, and loans after the pandemic outburst.

Also, many companies had to appeal for restructuring their contracts and agreements to cope with the pandemic consequences and continue their business operations.

The answer to business sustainability does not lie only with loan restructuring but with overall business restructuring due to Covid-19 unpredictable era effects.

Thereupon, for a successful restructuring of your business, entrepreneurs should appoint legal experts that will perform a thorough analysis of the company’s current situation and propose sustainable solutions.

Merges and Acquisitions

As previously stated, the Covid-19 pandemic has had a significant negative impact on all business activities, not only in nearly every sector of the economy but also on Mergers and Acquisitions transactions.

Many M&A transactions after the outbreak were affected in terms of:

• Financial Risk – due to future uncertainties on the behavior of the economy, in M&A transactions, entrepreneurs have shown hesitation on whether they will proceed with the transaction, cancel, or postpone it.
• Value – The conditions of the international market have changed dramatically.

Nowadays, we observe spontaneous economic tendencies. Therefore,  entrepreneurs are in the process of re-evaluating M&A pricing and risks before reaching a decision.  Also, in M&A re-evaluation, a great emphasis is being given on financial due diligence indicators, i.e., capital funding, continuity business plans, risk management, etc.

• Sustainability – entrepreneurs evaluate possible business sustainability scenarios before proceeding with the M & A transaction.

Additionally, entrepreneurs attempt to identify policies that will ensure the successful continuation of their business operations and mitigate the risks of market fluctuations.

With that said, today’s entrepreneurs are in more need of cooperation with lawyers that have great experience in cross-border transactions, M & A, and crisis management.

Intellectual Property Rights

Intellectual Property Rights have been highlighted even more during the pandemic era.

Subsequently, businesses should find “out-of-the-box” solutions to cope with the pandemic’s effects, which will sustain their operations and create new opportunities.

Several examples demonstrate this thinking in e-commerce, IT, pharmaceutical, etc.

For example, many IT companies seized the opportunity of social distancing and lockdowns and focused on technological developments.  It is a fact that the Research and Development department of Pharmaceutical companies got into the fight for developing vaccinations of immunity towards the coronavirus.

All new developments need to be assessed by the governmental authorities, register their IP rights, and acquire the license before entering the market.

The measures of the governmental authorities, as expected, created delays in the registration process of copyrights, trademarks, and patents.

Therefore, to avoid further procedure delays, it is highly recommended for your IP application and procedure be handled by experienced and accredited law firms.  The professional IP lawyers can provide the appropriate advice during the process, on a national and international level, and overcome any possible delays during the application stage.

E-Commerce

Nowadays, e-commerce is deemed to be the leader of the retail industry. Movement restrictions, lockdowns, and social distancing were the main reasons that contribute to the e-commerce booming induced. As expected, companies that adapted fast to consumer behavior changes thrived.

It is undeniable when it comes to e-commerce, it is of utmost importance to be sure that your online business is compliant with the relevant regulatory and legislative framework.

Several laws pertain specifically and related to online businesses, including but not limited to intellectual property rights (trademarks, copyrights, etc.), privacy policies, terms of service, data protection, and consumer rights.

Therefore, for safeguarding your online business operations, it is recommended to search legal consultants’ advice and seek their assistance with all legal aspects related to online businesses’ formation and function.

The post Legal Considerations in Today’s Businesses appeared first on Chambersfield Economides Kranos.

It is universally acknowledged that internet has an increasing and enormous potential in the development of online business marketplace and electronic commerce. More and more businesses are integrated into the online arena, day by day.

Undeniably, when it comes to online business it is of crucial importance to ensure that your online business is aligned and duly, in compliance, with the relevant regulatory and legislative frameworks. A number of laws have been enacted, that pertain specifically and/or related to the online businesses, including but not limited to intellectual property rights (trademarks, copyrights etc.), privacy policies, terms of service, data protection and consumer rights.

First of all, you have to ensure the registration of your incorporation.

Chambersfield Economides Kranos offers full corporate services in order to cover every possible corporate need, and, can provide you inter-alia, with any legal assistance and/or services required and/or undertake on and/or for your behalf all the necessary procedures, for the purposes of ensuring the registration and formation of your company.

The application for registration of a Cypriot company is filed to and examined by the Companies Registrar and Official Receiver, on a case by case basis.

Also, noted shall be that depending on the services and/or products you wish to provide, you may require to apply for specific license.

Furthermore, when choosing internet as a means for establishing and/or starting your business activities, you must also be properly aware of the issues surrounding intellectual property rights.

Online businesses that embrace modern innovation and invest in research and development, in a cyberspace with a continuous information flow shall, undoubtedly, be Intellectual Property informed and aware.

Intellectual property, comprises, inter alia, industry and industrial property that includes inventions, patents, trademarks, industrial designs and intellectual property rights, creators’ copyright rights, including scientific, musical, literary and artistic works as well as television shows, software, databases, architectural plans, advertising and multimedia, as well as business strategies which include business secrets, confidentiality agreements and know-how.

An important number of consumers avoids electronic commerce, fearing the insufficient data, security and confidentiality.

A strong emphasize shall be placed on consumer protection standards and legislative requirements. When you operate your business online, you have to ensure that your website is properly compliant with the relevant legislative and/or regulatory requirements, considering privacy policies.

Among others there is an outmost need of implementing privacy policies. Privacy policies are used to let customers know how their personally identifiable information is going to be used by the online business.

In addition, personal data protection is deemed to be of outmost importance and one of the main concerns for consumers and businesses.

If you use and/or process the personal data of EU citizens or residents, then the GDPR (General Data Protection Regulation) may apply to you even if you’re not in the EU, imposing high privacy and security standards. Consequently, you have to make sure that you have the appropriate terms and conditions and disclaimers in place.

Moreover, ensuring and implementing cyber security policies is of vital importance for your business, safeguarding sensitive data, personally identifiable information and protecting it from cyber threats.

For online businesses to thrive there is a need of compliance with the relevant legislative and/or regulatory framework, encouraging businesses’ economic growth and success.

Complying with the relevant regulatory and legislative framework will enhance, inter alia, your relationship with your prospective and existing customers and help you building your reputation as an ethical and trustworthy business.

Be fully prepared in properly complying with all the legal requirements and/or formalities, will minimize possible risks to your business and/or prevent any unwanted legal complications.

Our legal team of expert and experienced professionals can advise you and assist you with all legal aspects related to formation and/or operation of online businesses, as well as consultation and representation in relevant litigation proceedings.

For further information and/or clarifications you may require, please contact our offices.

The post Online Business appeared first on Chambersfield Economides Kranos.

Upon the fight against the COVID-19, and in an effort to reduce the said negative impact of “business as usual”, the vast majority of organizations introduced, for the first time, a variety of forms and degrees of remote work to maintain a company’s sustainability.

Undeniably, a solid attempt of the companies to limit the physical presence of the employees to the offices was demonstrated the past few weeks.

However, this implementation of remote work ethics to the employees entails the preparation of the organization to adjust and act accordingly, especially in relation to the personal data protection risks, since the threats that may arise from the use of technology during remote working are sufficiently large.

In case the organizations do not engage the necessary measures, then sudden risks and consequences might be moved stealthily against the organization.

Hence, there are justified concerns on how to maintain compliance with the EU General Data Protection Regulation (hereinafter referred to as the “GDPR”) during this crisis.

The GDPR was established to ensure that each and every legal entity that process personal data are held responsible for the safeguarding of the fundamental right of a person to the protection of their personal data.

Specifically, according to the GDPR, the company shall ensure the minimization of the risk for a potential personal data breach that might lead to the unintentional or unlawful access, loss, alteration, and unauthorized interruption or disclosure of personal data, which as processed or stored by the company.

Such personal data breach includes, but is not limited to, when an unauthorized disclosure or leak occurs and a third party obtains personal data without the prior necessary permission and also when the relevant access to the personal data is lost by the company. To this point, noted shall be that serious breaches that might occur due to the non-compliance of the legal entity with the Regulation can be punishable by fines of up to EUR 20million or the 4% of the worldwide total revenue of the legal entity for the preceding financial year, whichever is greater.

Thus, the GDPR demanded the implementation organizational and technical measures by a company, in such extent and degree, to ensure the protection of personal data, always in accordance to the regular risk assessments executed by the legal entity.

So, what happens in case the company did not have the appropriate time to comprehensively assess the impact of the “remote working” risks prior its implementation to the employees?

A brief risk assessment of the potential company’s threats stipulates that the number one enemy of a legal entity for maintaining its compliance with the GDPR is the unsecured networks.

This is solely because the employee, who is working remotely, is no longer using the secure corporate network that provides the relevant firewalls and encryption and therefore, there is vulnerability of the company to control the features that the employee is using.

In addition, and considering the unexpected outbreak of the COVID-19, it should also be noted that most of the companies did not have the relevant equipment and the employees were called to enforce the BYOD (Bring Your Own Device) policy.

The BYOD policy increases the lack of control of the company and thus, the company’s vulnerability to potential data breaches, due to viruses or malware, enlarges.

Last but not least, noted shall be that the human factor is the weakest link of any safeguarding measure that may be adopted.

Having said the above, the compliance of a legal entity with the GDPR can be argued as of a paramount importance and a company shall adopt all possible measures necessary to maintain such compliance during the COVID-19 outbreak, according to its needs.

Since the needs of an organization for the GDPR compliance may vary upon the nature of the business or the personal data that possess or process, we invite you to discuss further the matter on a case by case scenario.

At Chambersfield Economides Kranos law firm we can advise you and provide you with the solutions for an accurate compliance with the GDPR.

You can contact our law firm for further information.

The post Maintaining GDPR compliance during COVID-19 appeared first on Chambersfield Economides Kranos.

Majority of trading retail shops, malls, shopping centers, restaurants, cafes and other type of businesses are turning into online e-commerce in order to minimize and mitigate against the losses due to the lock-downs from the Pandemic.

It is crucial that any business should take the steps towards online sales (e-commerce) in order to continue their operations. In addition, e-commerce of course can play a critical role in actually even expanding a business. By going digital and online, a business can approach a bigger market share than the traditional retail store operation.

The transition to e-commerce must be done in a correct and educated manner, taking all the precautions and all legal measures to support that change of operations.

There are numerous procedures and documents that needs to be prepared in order to be able to legally and safely initiate online sales. Starting form basic terms and conditions, privacy policy, cookies policy, GDPR compliance, refund and returns rights, intellectual property, copyright and trademark issues are some of the few issues that a business should consult and act upon before they launch their online business.

The correct and professional set up of the above will increase your operational capabilities and minimize exposure in severe risks in the future. Our law firm has an expert team for specifically online – digital – eCommerce businesses and can assist you in a prompt, professional and efficient manner.

The post E-Commerce & Online Businesses appeared first on Chambersfield Economides Kranos.

An article by Mr. Michalis Economides, CEO | Advocate & Legal Consultant of the International Law Firm Chambersfield Economides Kranos |Magazine Publication Capital Today, June 2018

Personal Data – New Legal Framework – Practical Application

Following four years of debate, the (EU) 2016/679 regulation of the European Parliament and Council of the 27th of April 2016, is enforced.
The regulation refers to the protection of individuals, concerning the process of their personal data, as well as, the free exchange of those data (General Regulation for Data Protection).

The regulation of the 27th of April 2016 (having a two-year harmonization period) entered into force on the 25th of May 2018.
The aforementioned regulation replaced the Directive 95/46 / EC, the provisions of which were transferred to the 2001 Personal Data Processing (Protection of Individuals) Law (Law 138 (I) / 2001).

The regulation, unlike the Directive, ensures a high level of harmonization and it is directly applicable to all European Member States.
The protection of natural persons, in regard to the processing of their personal data, it is a fundamental right. The Article 8 (1) of the Charter of Fundamental Rights of the European Union and Article 16 (1) of the treaty for the operation of the European Union (TFEU), specify that every person has the right to protect its personal data.

The worldwide integration and rapid development of the data processing, as well as, the functioning of a global market, have resulted in an unparalleled increase flow of data collection, processing and cross-border exchange, from both private companies and public authorities.

Target

The Regulation aims the uniformity and decisive protection of the privacy, of the citizens of the European Union. This requirement ascended, due to the intense daily increasing trend of personal data exchange, worldwide, which in many cases was subject to violations of the personal data of individuals.

Interpretation of Definitions

According to the provisions of the Regulation, “personal data” is defined as the data and any kind of information that directly or indirectly identify an individual.

This information may relate to his / her private, professional and / or personal life.

The processing of personal data, in accordance with the Article 4 (2) of the Regulation, indicates that any act or series of operations carried out with or without the use of automated means, such as: collecting, recording, organizing, structuring, storing, adapting or modifying, recovering, searching of information, using, disclosing by transmission, distributing or any other form of supplying, associating or combining, restraining, removing or destructing of data.

“Controller” is the natural or legal person, public authority, service or any other body that defines the purposes and manners of processing personal data.

“Processor” is the natural or legal person, public authority, service or any other entity, which process the personal data on behalf of the controller.

The Basic Principles of the Regulation

The basic principle of the Regulation is the harmonization and introduction of a set of data protection standards, which will apply uniformly, throughout the European Union.

Undoubtedly, one of the biggest changes in the regulatory field of personal data protection derives mainly, from the extended jurisdiction of the Regulation, in all the European member states. The Regulation applies to all companies and organizations, which process personal data of people residing in the European Union, irrespective of the company’s registered office location.

Additionally, the Regulation refers to all private and public enterprises, as well as, government authorities that collect, process and generally manage personal data of customers, employees, associates or other natural persons, which are European citizens.

In summary, the new Regulation applies to all businesses that process personal data of European citizens, regardless of their location (inside and outside the European Union).

Moreover, an equally important characteristic of the Regulation is to introduce and strengthen the rights of individuals, whose personal data are being processed.

Additionally, it is notable to mention that the new Regulation introduced new obligations to businesses on the way they process personal data.

In fact, the Regulation is significantly increases the obligations of all entities that manage personal data of European citizens.

Severe amount penalties, according to Article 83 of the Regulation will be imposed to offenders, with fines ranging from €10,000,000 to €20,000,000 or from 2% to 4% of the total annual global turnover of the previous business year of a business (applies to whichever is the higher). The fines will be applied according to the nature of the violation. Hence, the heavier fines will be exercised for breaches concerning the basic principles of the Regulation, related to data processing, data transfer in a third country without the consent of the individual and to the non-compliance with an order or limitation of the data processing, imposed by the supervisory authority.

Decisions, which are issued by the supervising authorities, in the context of the fine exercise power, will be subject to appeal before the Administrative Court on the basis of Article 146 of the Constitution.

Furthermore, another important fact of the Regulation is to strengthen the existing principles governing the processing of personal data, and according to Article 5 of the Regulation, they state that personal data must:

• Be subjected to legitimate and lawful processing with a clear purpose (lawfulness, fairness and transparency).
• Be collected for specified, explicit and legitimate purposes, and, not to be further processed in a manner incompatible with those purposes (purpose limitation).
• Be appropriate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization).
• Be accurate and proceed with all reasonable steps to immediately delete or correct personal data that is inaccurate (accuracy).
• Be stored, only for as long as it is required for the purposes of the processing of personal data and on the basis of the applicable legal requirements of each organization (storage period limitation).
• Be processed in a manner that assures the appropriate security of personal data, including the protection against unauthorized or unlawful processing, loss, destruction or deterioration, using appropriate technical or organizational measures (integrity and confidentiality)
• Entities collecting and processing personal data are responsible and must be able, at all times, to demonstrate compliance with all the principles governing the processing of personal data (accountability).

Rights of individuals

The Regulation based on the structure of the existing legislative framework, strengthens the rights deriving from the 1995 Directive and introduces new rights and obligations.

Indicative is the explicit legislative fortification of the “right to be forgotten”, which is the right that allows the individual to maintain control of his / her personal information, mainly in the cyberspace.

The imperative rights of individuals, whose personal data are being processed, are:

• The right to object at any time, to the processing of their personal data.
• The right to transfer the data that are based on their consent, on receiving or requesting the transfer of their data from one company to another.
• Right to the information
• Right to access the data
• Right to correct the data
• The right to “be forgotten” or delete the personal data
• The right to limit the processing of date, when the accuracy of the data is in dispute or is illegal or when the company no longer needs those data
• The right to object to an automated decision

Business Obligations

The Regulation significantly increases the obligations of businesses towards the protection of the personal data of their customers and employees, without though constraining the collection and processing of data for businesses.

Instead, the process of data will be based on a sequence of restriction series and new obligations for companies concerning:

• The processing of personal data throughout its life cycle, from collection to destruction
• Portability of data to other countries
• Protecting the rights of physical entities
• Security (confidentiality) of personal data
• The notification actions that the business should proceed in the event of a violation

In order for a business to be able to demonstrate its compliance with the provisions of the Regulation, it is required to implement procedures that follow the principles governing the processing of personal data.

In particular, the Regulation imposes a series of new obligations on businesses including:

• Development of the appropriate technical and organizational measures. Business entities must apply all the appropriate technical and organizational measures for the protection of the data (i.e. pseudonym, minimization of data etc.)
• Formation of the processing responsibilities, where joint controllers are in place.
• Incorporation of technological tools, from the manufacturers, which will provide the necessary protection to the user’s personal data during the usage of the product or service that, must be applicable from the creation, design, implementation etc.
• Manufacturer’s responsibility to protect data by definition. Meaning the application of the appropriate technical and organizational measurements, so as to ensure by definition that only the necessary data are being process per purpose.
• Strengthening the conditions for obtaining the consent of the individual. If the consent of the physical person’s data is provided in the context of a written declaration, which also concerns other matters, the request for the consent should be stated clearly with a distinctive way that will separate it from the other subjects, and, in a comprehensible, accessible form with the use of clear and simple wording.
• Acquisition of consent for minors, under the age of 16, by a person who has the parental responsibility of the child, in relation to the services of the Information Society.
• Disclosure and announcement of data breaches. The controller is required to notify the competent supervisory authority, as well as, the natural person who is the owner of the data, without any delay, within 72 hours the breach of the personal data.
• The retain of records of the processing activities.
• An Impact assessment on data protection and prior consultation. Meaning, an assessment should take place specifying the risk, impact and actions, before any process that may involve a high risk.
• The formation of codes of conduct in the business, which will specify how the personal data will be processed.
• The Establishment of data protection certification mechanisms that will demonstrate the Regulation compliance.
• Establishment of a Data Protection Officer. This is a new obligation provided by the Regulation, for persons who process personal data (definition of Data Protection Officer). This person enacts as the depositary of the personal data, and, is responsible, inter alia, for (i) monitoring company’s compliance according to the Regulation (ii) contacting with the competent supervisory authority, (iii) advising the company for any matter in relation to the protection of personal data and (iv) providing all the information to the persons’, whose personal data are being processed. The Data Protection Officer is being defined according to professional qualifications and may be a member of the company’s staff or perform the duties on a service contract notion.

The obligation for appointing a Data Protection Officer is formed when:

• The processing is performed by a public authority
• There is a regular and systematic monitoring of physical persons data, on a large scale
• There is a process of special categories of data, or, the data are relating to criminal convictions and offenses

A “large scale”, according to the Regulation, is when there is a process of a significant amount of data, or for a long duration of time, or when a large number of people are affected, or when the processing covers a large geographical area. Hospitals, banks, educational institutions, insurance companies, telecommunication services, internet search engine platforms etc, have large-scale monitoring.

Prerequisites for a lawful processing of personal data:

According to the Article 6 of the Regulation, in order for a process of personal data to be lawful, at least one of the following conditions should be applied:

• The person has given the consent to process his / her personal data
• The process should be necessary for the performance of a contract
• The process should be a necessity having the legal conformity of the entity or organization for processing the personal data
• The process is necessary for safeguarding the vital interest of a person
• The process is necessary for the fulfillment of a duty that is being performed for the public interest
• The process is necessary for the purposes of the legitimate interests pursued by the organization.

The processing of specific categories of personal data, it is only permitted when there is an explicit consent for the individual, performed within the labor law, social security and protection, or, when there is a vigorous interest.

Consent in accordance to Articles 4 and 7 of the Regulation, is the most common legal framework of personal data processing. The Regulation becomes rigorous under the conditions, which consent is considered as valid. “Valid consent” means any indication of will; free, specific, explicit, and informed of the procedures of personal data, relating to the individual. Silence, pre-filled boxes, or inactivity are not considered as consent. Consent should cover all the processing activities carried out for the same purpose or for the same purposes. When the process includes multiple purposes, consent should be given for all these purposes, separately.

As a result, some methods that were considered as legitimate or gray areas (i.e a predefined box accepting the Privacy Policy) are not currently, according to the Regulation, sufficient to justify the legitimacy of data processing.

As far as concern the children under the age of 16, who fall into the category of sensitive persons, and, therefore are not in the position to cope with consciousness the data processing, their consent in order to be considered valid, should be given by a person who has the parental responsibility of the child.

The harmonization and modification of each organizational structure, which maintains a database has already begun. In summary, the steps for the harmonization of the companies with the new Regulation are as follows:

• Appropriate training and briefing of the staff and customers, in a simple language, of the purposes of processing the data, the length of time that the personal data will be retained and the business identity
• Incorporating in their procedures, the rights of individuals of their data
• Development of the appropriate security measurements and necessary policies for the protection of the information
• Provision of the appropriate technical and organizational measures to ensure the availability of information (Business Continuity Plan)
• An analysis of the consequences that may arise from privacy violations (Data Protection Impact Assessment)
• Privacy protection consideration during the design of products and services
• Informing competent authorities within 72 hours, of the detection of system breaches and data loss
• Appointment of a data protection officer (DPO), as well as, persons who will have access to the data
• Implementation of an action plan that will deal with the confrontation of system breaches and data loss

The major sanctions and the innovations of the existing legal framework of the protection of personal data introduced by the Regulation, specify clearly the objective of the new regulation, which is none other than the creation of a single, stricter and adequate framework for the protection of personal data, which all Member States should apply.

The collection and processing of citizens’ personal data will now be based, on a balanced system governed by the trust between individuals and organizations, which the collection processing data activities will be under the notion of full transparency.

Citizens will have the opportunity to know, which organizations hold and manage their personal data, having the right to submit complain to the supervisory authority, when a violation and / or an incorrect processing of their personal data has been occurred.

The post GDPR – The Beginning of a New Era appeared first on Chambersfield Economides Kranos.