Data privacy may soon become a painful issue for many companies not only providing online services but also processing personal data of their employees. This is because a bill on the introduction of a new administrative fine concept is currently under consideration in Estonia.
The main law governing personal data protection in the EU is the General Data Protection Regulation (GDPR). This very law has established those onerous requirements that almost every company in the EU and some companies outside the EU are obliged to comply with. Moreover, this law establishes exorbitant fines for non-compliance with its requirements (up to €20 million or up to 4 % of the total worldwide annual turnover).
However, the Estonian legal system has not had a proper enforcement mechanism that would allow imposing those fines. And now, it is intended in Estonia to create that enforcement mechanism, which should make it possible to hold companies liable for all data protection infringements and fully apply fines stipulated in the GDPR.
So, the time is coming when companies can really feel the brunt of GDPR fines. Therefore, it is now worth taking care of compliance with the requirements for personal data protection. Let us meet those times prepared!