The forum „Business topic: New data protection rules” which took place on 5th of October 2017 was of big interest to the public. More than 130 participants attended the event, including representatives of banks, insurers, investment intermediaries, non-banking credit establishments, debt collectors, IT companies, law firms, consulting organisations, industrial companies, branches of foreign companies, small and big enterprises. Managers of various functional bodies, HR employees, IT specialists and risk management respondents also took part.
The organisers from Economix.bg, CPDP as represented by its chairman – Mr. Ventsislav Karadjov and by Mr. Tsanko Tsolov, member of the Commission’s board, Ms. Anna Buson, risk management consultant at Deloitte, and Dr. Ina Naidenova, representative of BAIT, presented and elaborated on the technical aspects of the preparatory work for the application of Regulation (EU) 2016/679, which will commence on 25th of May 2018.
Clarity was given on key elements of the 4 main topics: „The new Regulation – more guarantees to consumers or higher administrative burden?”, „New obligations for data protection administrators and processors”, „How to conduct audit on the newly-introduced rules and regulations?”, „Pseudonymisation and encryption, log systems and safety rules. What should we say to the IT departments?”.
It became clear that with the introduction of the Regulation, companies will be required to meet a certain criteria, with which they can take care of the safety of the stored by them data. The participating experts explained the main principles and tools, according to which the business should be managed when applying the General Regulation, namely:
– Introducing a requirement to assess the impact;
– Risk management and regulatory authority consultations;
– Introducing an audit principle;
– Refined rules for internal and trans-border data transfers;
– Empowered rights of citizens to control their own data;
– „Consent to processing” on behalf of the client, etc.
The event caused a high interest amongst the auditorium and plenty of questions were discussed with regards to:
– Codes of conduct;
– Financial penalties to which subsidiary companies will be held accountable;
– Deadlines for processing and storing of personal data;
– Skills and experience which the data protection officer should possess.
CPDP expects in the followings couple of weeks the prepared proposal for an update of the national legislation, in accordance with the requirements of Regulation 2016/679, to be voted on by the Ministry of Foreign Affairs and the Ministry of Justice. Then, the proposed changes will be put to a public discussion with representatives of the business and public sectors, where an opportunity will be given to express opinions and objections, and to give feedback and comments.