RODO / GDPR

General Data Protection Regulation.

The RODO (Personal Data Protection Regulation, or GDPR) is a fundamental EU regulation governing the processing of personal data of natural persons. It defines the rules for collecting, storing, sharing and deleting personal data, as well as the rights of data subjects (right of access, rectification, erasure, data portability, objection). For companies, this means the obligation to have a legal basis for every processing operation, keep a record of processing activities, apply the principle of data minimization, implement appropriate technical and organizational data protection measures and, in many cases, appoint a Data Protection Officer (DPO) and conduct data protection impact assessments (DPIAs).

In effect since:

The RODO has applied since May 25, 2018, and is directly applicable in all EU member states. Although it is no longer a new regulation, supervisory authorities (in Poland, the President of the Personal Data Protection Office, UODO) are enforcing it more and more actively and imposing ever higher fines. In addition, growing consumer awareness and new CJEU case law are steadily expanding the scope of companies' practical obligations.

Who it applies to:

The RODO applies to virtually any organization processing the personal data of individuals in the EU, regardless of industry, company size, or whether the company is based in the EU. It covers both data controllers (entities that decide on the purposes and means of processing) and processors (entities that process data on behalf of a controller). In practice, it applies to any company that has customers, employees, a mailing list, a CRM system, an online store, a mobile app, video surveillance (CCTV), or any other process involving data that identifies a specific person.

Penalties:

Up to €20 million or 4% of total annual worldwide turnover for the preceding financial year (whichever is higher) for the most serious infringements (e.g., no legal basis for processing, violation of data subjects' rights). Up to €10 million or 2% of turnover for less serious infringements (e.g., no record of processing activities, inadequate technical safeguards). In Poland, fines have already reached tens of millions of zlotys, e.g. a fine of more than PLN 3 million for Morele.net and fines imposed on telecommunications operators.

Are you processing personal data and not sure if you are doing so in compliance with the RODO?

Our Regulatory Compliance Report verifies your processes against specific articles of the regulation, from the legal basis for processing, through information obligations, to technical and organizational measures. Each potential non-compliance is documented with a citation of the relevant provision and an estimated penalty risk. It is a fast, reliable diagnosis at a fraction of the cost of a traditional legal audit. From $499 net, report delivered within 48 hours.