On 25 May 2018 the General Data Protection Regulation has taken effect in the Netherlands, It is an important step towards the unity of privacy legislation within all European member states. But the GDPR can reach even beyond the borders of the EU (plus some countries of the EEA). The GDPR applies to personal data of all citizens in the EU, even if these data are processed outside the EU.
For example, processing outside the EU takes place when you use Russian software developers who have access to data from EU citizens. Or when the payroll administration of your Dutch/European employees in Russia is done by a local Russian party. In that case, ambiguities and conflicts may arise between the Russian legislation and the requirements of the GDPR. In addition, the GDPR requires safeguards for transfer of data to foreign countries. Only in countries designated by the European Commission protection of personal data is considered to be adequate. In other cases, the exporter of data and the importer/recipient abroad have to provide additional safeguards, according to model contracts or binding corporate rules established by the Commission or agreements approved by the supervisory authorities.
In short, a whole new area of legislation, where practice that still has to take shape. We have specialists in our team, who can explain the similarities and differences between GDPR and Russian privacy legislation and help you provide adequate safeguards as required by GDPR.
