GDPR – Information Law

Law Office, Thessaloniki, Papoutsis Christos, Criminal, Commercial, Civil, Information Law, Mediation, GDPR

The implementation of the General Data Protection Regulation (EU) 2016/679 in Europe is now a reality. The long experience of our lawyers in Information Law is valuable. Compliance with the GDPR is necessary for both the public and the private sector. The protection of privacy is an enshrined right of every citizen, and its violation can be compensated through the courts.

Conducting a Gap Analysis regarding compliance with the GDPR, as well as with e-Commerce legislation, is required so that the enterprise is legally protected and can obtain timely judicial protection in case of a legal dispute.

Frequent Questions

Partly yes. The main requirements of the GDPR concern all kinds of enterprises. Some specific requirements, though, such as keeping a permanent record of data processing activities, the Data Protection Impact Assessment, and the appointment of a Data Protection Officer, apply only to some enterprises, depending on, inter alia, their size and the scale of their data processing.

For two reasons. Firstly, so that the enterprise obtains the competitive advantage of compliance, which customers will take into account. Secondly, so that a sanction for lack of compliance is avoided, which can amount to a maximum of 4% of the enterprise’s turnover.

There are eight main steps.

First step. Fully informing the company’s management and securing its commitment regarding the need for compliance with the GDPR, by creating the team that will manage the compliance process.

Second step. Data Mapping, namely the full recording of all kinds of personal data processed by the enterprise, as well as of the people who have access to such data.

Third step. The Gap Analysis against the requirements of the GDPR, on the basis of which the suitable legal and technical measures must be defined so that compliance with the GDPR is achieved.

Fourth step. The drafting and implementation of legal and technical measures, so that data protection by default and by design is implemented in the enterprise’s operation.

Fifth step. Checking whether a Data Protection Impact Assessment needs to be conducted, and conducting the DPIA according to European standards.

Sixth step. The composition of a full Security Policy, as well as of contracts with people who have access to personal data, and the obtaining of consent from the data subjects, where necessary, so that confidentiality in data processing is secured and people who have a professional relationship with the company consent to the processing of their data.

Seventh step. Staff training, so that the company acquires the necessary culture of personal data protection, and, if necessary, the designation of a Data Protection Officer (DPO), who will be the person responsible for data protection and will cooperate with the Data Protection Authority on compliance with the legal provisions.

Eighth step. The final check of the company’s operation with regard to the implementation of the GDPR, in line with the legal and technical measures and the staff training, followed by continuous monitoring through periodic inspections.