What is the regulation about?
This revised regulation places a legal responsibility on companies to manage, in a new defined way, the Personal Data they hold and process about private individuals.

What happens if we don’t comply?
Failure to comply with the requirements may lead to penalties of up to €20 million or 4% of worldwide annual turnover. The penalties will be imposed by the Slovak Data Protection Office.

To comply, a Company will need processes in place to:

1. Identify, access and process all combined personal data held about an individual across the entire Company.
2. Provide all combined personal data stored across the entire Company to the individual, if requested by them.
3. Identify a data protection incident such as data leak, data loss, and inability to meet the request of an individual.
4. Capture, assess and report data protection incidents within 3 days of becoming aware to the Data Protection Authority.
5. Secure consent from all persons on which you hold and process personal data.
6. Manage an individual’s request to provide and or erase data you hold on them.
7. Have a Data Protection Officer appointed in your organization.
8. Demonstrate there is a robust security process in place around personal data.

More information in the leaflet.