The purpose of the general data protection regulation is to provide for clear and unified rules concerning the processing of personal data in the member states.
At the same time the GDPR provides for stricter rules in respect of personal data processing and provides for substantial sanctions that can be imposed on companies breaching the rules laid out in the regulation.
Taking into consideration that the regulation enters into force on 25 May 2018 companies should now at the latest undertake actions for ensuring that their data protection processes and systems are in line with the GDPR. This applies, in particular, to companies selling products or services to consumers (B2C).
The review of an organization’s data processes and systems as well as preparation of relevant data protection documentation is a time consuming task.
Last year we assisted several companies with carrying out a data protection risk analysis and with preparing data protection policies and internal data processing guidelines.
Thus, do not hesitate to contact us at MK-Law should you need assistance in resolving any data protection issues concerning the Finnish part of your organization.