The New Personal Data Protection Law and the application of the General Data Protection Regulation (GDPR)

The New Personal Data Protection Law and the application of the General Data Protection Regulation (GDPR)

We live and work in times of IT innovations and digitization of processes. They have contributed in the past to occur exceptionally large number of scandals among large technology companies with violation and abuse of privacy, and with this seriously jeopardizing the personal data of users. 
We all remember the scandal with Facebook, when using the data profiles for making voting strategy for the US presidential elections in 2016. After the US Congress, public hearings of the main executives of giants like Facebook, Google and Apple were conducted, who were committed and took responsibility to take more measures for protection of the users’ privacy and better storage of personal data. 
In this regard, the European Union began to apply the new General Data Protection Regulation which requires a better protection in the way collections of personal data are managed, users’ right to be completely deleted from the digital services and redefines the obligations of data protection officers. 
General Data Protection Regulation (2016/675) is the largest legislative amendment in Europe for the last 20 years that came into force on May, 2018 and for its implementation the companies operating within the EU will spend hundreds of millions of dollars. 
Although is an EU regulation, it has made an impact in other countries like Argentina, Brazil, Chile, Japan… The project value presents its weight and seriousness, the importance of expertise, and how much the citizens receive with their guarantees. 

Novelties in the Law on Personal Data Protection based on the legal framework provided by the General Data Protection Regulation (GDPR)

The new Personal Data Protection Law regulates the protection of personal data as fundamental rights and freedoms of individuals, and in particular the right to privacy with regard to the processing of personal data. 
The main purpose of the new law is to “acknowledge” the indisputable fact that unlike before, now the processing of personal data is more frequently performed on automatic means, by electronic devices.
The Regulation introduces more new and important solutions: the right to be forgotten, the right of portability of data, editing of profiling with regard to enacting individual decisions, impact assessment when processing personal data, notification for personal data breach, common corporate rules, as well as technical and integrated personal data protection.
The law’s purpose is to prescribe specific provisions on the processing of personal data, while their proper implementation will ensure the inviolability of privacy of the individual.


Complete transposition of the GDPR will be performed with the new Personal Data Protection Law. Due to protection of privacy and personal data from violation and abuse, as good practice in the use of media for electronic processing of personal data on the International data protection day, 28 January, The Personal Data Protection Directive in accordance with the regulation, recommended the following:

Recommendations for all citizens

• Always lock your media (the system) when you’re away;
• Use strong, complex passwords to log into the system;
• Never write down your password, strive for it to be remembered;
• Never use the same password for all your online activities; 
• Always use the latest version of security software applications; 
• When using online services that require disclosure of your personal information, keep to the principle of “common sense” (to make sense of the required thing)
• When using online services that require disclosure of your personal information, strive always to do it with encryption system (to have “https: // protocol); 
• Do not open e-mail from unknown senders;
• Make a backup copy of the important data; 
• Use secure wireless network (Wi-Fi) Internet;

Recommendations for all companies

• The companies should be clear and concise in the collection and use of personal data such as full name and surname, address, location, IP address and identifiers used to track smartphones for use of web applications;
 • Companies will have to clearly indicate the reason for collecting the data and whether the data will be used to create profiles of the users’ habits and actions;
 • Users have the right to get access to the data that companies store for them, the right to correction of some inaccurate information and the right to limit the use of decisions made by the algorithms; 
• This habit will be valid on the EU territory regardless of which part of the world the information will be processed. It will cover all ordinary sites, sites of banks, universities, Facebook, Google and Apple. 
• Companies have to prepare all internal regulations required under The New Personal Data Protection Law within the given deadline for adaptation;