Data protection

After years of negotiations to reach an agreement in keeping with the objectives of the harmonisation of data protection, in 2016 the EU general data protection regulations (EU GDPR) came into effect. The GDPR introduces numerous changes and extensions to the rights of persons and also an adjusted range of sentences. For companies it amounts up to 20 million Euros or 4 percent of annual global sales, whereby the higher value is taken to the upper limit. In comparison, previously the maximum fine was 300,000 Euros.   

In the modern working world, the technical possibilities of networking and increasing combination of private and professional information results in the recording and processing of ever more data and sensitive data relating to employees. In this demanding environment, a special point of the GDPR takes effect. The directive establishes extensive and detailed regulations for the processing of personal data, including data protection for employees.

However, in a fashion which is untypical for a directive, these regulations are not exhaustive. On the contrary, the directive includes an opening clause which allows member states to make national regulations for the purpose of employee data protection through legislation or through collective agreements. In other words, instead of European harmonisation, the result will be a different interpretation of the employee data protection regulations from member state to member state and from company to company.

Rödl & Partner in Lithuania will gladly support you in the following areas: 

• The general right to privacy and relevant data protection laws
• Data processing agreements, privacy policies and consent forms
• Internal procedures and policies relating to data processing
• Implementation of whistleblowing schemes
• Implementation of complex cross-border data transfers
• Registration of data processing with the national authorities
• E-privacy and E-marketing (E-mail, SMS, call campaigns; cookies, public directories)
• Document and information retention rules
• Resolution of disputes with data subjects and authorities
• Data protection compliance audits
• Personal data in the context of M&A transactions
• Drafting and implementation of online privacy policies, terms and conditions.