Data protection. Personal data. European General Data Protection Regulation (GDPR) implementation and compliance

The EU General Data Protection Regulation (GDPR) came into effect as of 25th of May with the aim of strengthening cybersecurity, increasing privacy for EU citizens and unifying data legislation from across the European Union. GDPR aims to enshrine EU citizens’ right to privacy by giving them back control of who holds their personal data, how it is used and how well protected.

GDPR applies to all organizations holding and processing EU resident’s personal data, regardless of geographic location. Many organizations and companies outside the EU are unaware that the EU GDPR regulation applies to them as well. If an organisation offers goods or services to, or monitors the behavior of EU residents, it must meet GDPR compliance requirements. It means that it does not matter where the company is established, the most important fact is the fact of processing the personal data of EU residents.

ECOVIS ProventusLaw helps for companies by:

– Reviewing and adapting business processes to comply with GDPR requirements;

– Performing an impact assessment on data protection;

– Arrangement of internal documents related to personal data;

– Preparation for the implementation of the rights of data subjects;

– Preparation of privacy policy or privacy notice;

– Appointment a Personal Data Officer, if necessary.

– Ensuring the security of personal data (adaptation, review of appropriate technical and organizational measures).

– Preparation for the recording of data processing activities.

More about Data protection you can find under

Loreta Andziulytė

Head of practice group

Loreta Andziulytė

Partner, attorney at law

The experience by ECOVIS ProventusLaw include:

ECOVIS ProventusLaw advises on all regulatory issues of data protection. We represent clients in their registration as data controllers, develop privacy policies and advise on issues related to them. Our lawyers also advise on issues of processing of personal data, personal data of employees and data transfer to third parties, represent clients in the State Data Protection Inspectorate, in courts and in the investigation of data protection infringements.

Success stories


How do companies manage to reduce the amount of personal data?

22/11/2019 State Data Protection Inspectorate published a summary of inspections of rental companies and evaluated the implementation of the data minimization principle and the obligation to inform the data subjects

CJEU: Internet users must explicitly agree to the installation of cookies

03/10/2019 The Court of Justice of the European Union (CJEU) ruled on that the consent is not validly constituted if, in the form of cookies, the storage of information or