GDPR – A Monster under an Entrepreneur’s Bed?

On May last year the GDPR, the General Data Protection Regulation, entered into force. The General Data Protection Regulation is in its “simplicity” a law made by the European Union, which regulates the use and processing of people’s personal data. The regulation is basing itself to the Charter of Fundamental Rights of the European Union, which are easy to be thought of as comparable to European human rights. The regulation is thus applicable in Finland in all of its text, and even though Finland has its own Data Protection Act it is only complementing the application of the GDPR. You as a natural person have rights to how your personal data is handled, who does it, how it is done, and how to affect it. Strictly this view the GDPR seems pretty nice, but as someone’s freedom if an another’s responsibility GDPR does create new and heavy responsibilities for the entrepreneur.

The GDPR is founded on the idea that once someone collects personal information of a person (data) then a legal responsibility is created for that someone to process and store that information in a certain way. What is then meant with collecting data and what is it’s storing? First, one needs to have a legally accepted basis for collecting data. In practice this usually means asking permission from the person whose data is collected. Second, if the collected data forms the possibility of a person being identified from that data, then this is to be understood as a data registry in the meaning of the Regulation. This registry forms a legal responsibility to its holder to manage and use it properly. The regulation does not make a difference to whether the data is stored on a server or a notebook. The EU-court has for example ruled that when the Finnish Jehovah’s Witness collected a list about doors knocked and houses visited, this list was unlawful as the people marked in the last had not been asked for their consent to be included in that list.

The previously explained legal responsibility is not brought upon private persons if their information collection is only relating to their own personal life and acts. An entrepreneur or a company cannot use the same exemption. For example, if your company has an application that it manages, all information collected and sent to you by that application is responsible for the correct processing and storage of data by your company. This is also the case when your store has a list of good loyal customers or customers in general. Or, for example, if your business has a website that collects a list of their visitors (which is very common for websites). It is difficult for today’s entrepreneur to avoid liability under the new privacy regulation. It is safe to say that a modern entrepreneur can hardly escape the grasp of the General Data Protection Regulation and responsibilities it creates.

Ok, so your company has personal data of natural persons (data subject), what does this then actually mean for you? As previously mentioned the first question is whether there is a basis, a proper reason, for the collection of the data. There are multiple different legal basis found in the Regulation, of which the most simple is consent. Usually it is enough that you ask for the explicit permission for the collection of the personal data. This is however a gross simplification which may change depending on the situation. Even before the collection of the data can started, the person whose data is collected must be informed on how and for what purpose the data is collected. That person also needs to be informed on how and for how long the data is stored and who has access to it. A company can fulfill these requirements with a Privacy Policy which has to be made available freely and easily. It is smart to draft the Privacy Policy with care, as gaps or digression from it can easily be pointed at by authorities. Because the GDPR regulates data on its whole “lifespan”, also storing that data falls under specific regulation. For example, storing data outside of Europe is advised against strongly, as its security cannot then be guaranteed. Responsibility for the security of the data also falls to the one controlling the data. If something surprising happens to the data or a wrong person accesses it, the controller of the data is primarily held responsible. A big part of the data controller’s responsibility comes from the rights of the data subjects. The person whose data has been collected has the right to change, remove, transfer, correct or restrict the data that has been collected from them, and which the data controller has to react in some way. As a cherry on top, the data subject (person) needs to be actively and accurately informed of the aforementioned and any changes to it.

Legal responsibility can thus be quite large. It is then natural to ask that who takes care of these responsibilities and does there need to a special hire for these tasks? The GDPR requires for companies and communities to appoint a Data Protection Officer (DPO) to ensure compliance with the Regulation. The Data Protection Officer does not need to be a person who is specifically hired for the task, meaning they can be appointed from the current employees. However, the required expertise of the position drives many companies to seek the services of an external data protection officer. This is a good solution especially for small- to medium sized companies whose budget might not accommodate hiring a “own” data protection officer.

Acknowledging all the preceding legal responsibilities it is logical to thing of the consequences of a potential breach. In Finland the authority monitoring GDPR compliance is the Office of the Data Protection Ombudsman. This national authority gives guidance on compliance, notifications on small breaches and as a last resort administrative fines. Because the justification behind the potential fines is found in fundamental rights, the amount of the fines can be quite high. According to the regulation the maximum amount for an administrative fine is either twenty million euros (20 000 000) or four percents of of the total worldwide annual turnover of the preceding financial year, whichever is higher. The Data Protection Ombudsman of Finland has not yet issued any fines, only notifications, for the reason that the regulation is quite new and its application unexplored.

Issues relating to data protection and privacy are a good example of corporate risk management. Usually, the realisation of risks and consequences can be averted by a small effort of an expert. Data protection and privacy require constant management, when it might become topical to hire a data protection officer. As Autio Attorneys is specialised in the risk management of companies and enterprises, whether it is the drafting of a privacy policy or an appeal of a fine, Autio Attorneys can help.

Jalmari Männistö
Associate Trainee

Top

Kuvituskuva maksukyvyttömyysoikeus

Maksuvaikeudet

Maksuvaikeudet kohtaavat niin yrityksiä kuin yksityishenkilöitä. Silloin on tärkeää ymmärtää velkojan ja velalliset erilaiset intressit ja niistä syntyvät mahdollisuudet ratkaista tilanne. Paras ratkaisu syntyy parhaan ratkaisukeinon oikea-aikaisella valinnalla.

Kuvituskuva työ- ja virkasuhteet

Työ- ja virkasuhteet

Työ- ja virkasuhteisiin liittyy erilaisia ongelmatilanteita, joista jokainen on ainutlaatuinen kokemus. Omista oikeuksistaan kannattaa huolehtia niin yrityksen kuin työntekijän.

Kuvituskuva vahingonkorvaus

Vahingonkorvaus

Vahingonkorvausvastuu voi koskettaa niin yritystä kuin yksityishenkilöä. Vastuu ja periaatteet ovat erilaisia riippuen siitä, onko kyseessä sopimuksen ulkoinen vai sopimukseen kuuluva vastuu.

Kuvituskuva veroasiat

Verotus

Verosuunnittelu voi tuoda huomattavia säästöjä niin yritykselle kuin yksityishenkilölle. Asiantuntijamme auttavat sinua myös verotusasioissa.

Kuvituskuva perhe- ja jäämistöasiat

Perhe- ja perintöasiat

Lainsäädäntö kattaa lähes jokaisen elämän osa-alueen ja määrittää meidän oikeutemme ja velvollisuutemme elämän eri vaiheissa. Perhe- ja perintöoikeudellisista asioista voidaan sopia ennalta, mutta riidoiltakaan ei aina vältytä.

Kuvituskuva kiinteistöoikeus

Kiinteistöt

Kiinteistö tai asunto-osake on merkittävä hankinta, johon sisältyy myös huomattavia riskejä. Yritykselle toimitiloihin puolestaan liittyy usein pitkiäkin sopimussuhteita.

Kuvituskuva riidanratkaisu

Riidanratkaisu

Sovinto on usein asiakkaan kannalta oikeudenkäyntiä nopeampi ja edullisempi ratkaisu. Jos sovintoa ei löydy, voidaan asiaa ajaa tuomioistuin- tai välimiesmenettelyssä. Selvitämme asiakkaamme puolesta oikeusturvavakuutuksen käyttämisen mahdollisuudet sekä oikeusavun myöntämisen edellytykset.

Kuvituskuva rikosasiat

Rikosasiat

Rikosasioissa kannattaa turvautua asiantuntijan apuun ajoissa.

Jukka Autio


Johtava osakas
Asianajaja

 

Jukalla on vuosikymmenten vankka kokemus liiketoiminnan juridiikasta, aina yhtiöiden perustamisesta yritysjärjestelyihin asti.

Jukka on hoitanut menestyksellisesti myös yksityishenkilöiden toimeksiantoja, koskivat ne sitten perheoikeudellisia haasteita tai vaativia rikosoikeudellisia tapauksia.

Jukka on tullut tunnetuksi haastavien toimeksiantojen ratkaisijana, jonka lisäksi hän toimii hallitusammattilaisena.

Jukka on suorittanut sovittelukoulutuksen ja hyväksytty Suomen Asianajajaliiton sovittelijaluetteloon.

Yhteystiedot

+358 10 583 5581

Suojattu viesti: https://www.turvaposti.fi/viesti/

Opinnot

OTM, KTM, HHJ PJ

Erityisosaamisalueet

Yhtiöoikeus, riidanratkaisu, vero-oikeus, rikosoikeus, perhe- ja jäämistöoikeus

Kielet

Suomi, ruotsi, englanti

Teemu Halinen

Teemu Halinen


Asianajaja

 

Teemu tuli yrityksemme palvelukseen vuonna 2022. Aikaisemmin Teemu on työskennellyt asianajotoimistossa ja hoitanut pääasiassa oikeudenkäyntiasioita. Teemu avustaa asiakkaitamme riita- rikos -ja hakemusasioissa yleisissä tuomioistuimissa. Lisäksi Teemulla on kokemusta perhe- ja perintöoikeudellisten asioiden hoitamisesta ja hallinto-oikeuksissa käsiteltävistä valitusasioista.

Yhteystiedot

+358 10 583 5587‬

Suojattu viesti: https://www.turvaposti.fi/viesti/

Opinnot

OTM

Erityisosaamisalueet

Rikosoikeus, oikeudenkäynnit

Kielet

Suomi, englanti

Julius Autio


Lakimiesharjoittelija

 

Julius on maisterivaiheen opiskelija Helsingin yliopiston oikeustieteellisessä tiedekunnassa, jonka lisäksi hän suorittaa tutkintoa Aalto-yliopistossa pääaineenaan laskentatoimi. Kaupallisista opinnoista on ollut merkittävää hyötyä erilaisten juridisten toimeksiantojen hoitamisessa.

Juliuksella on kokemusta toimeksiannoista juridiikan eri aloita, kuten riidanratkaisusta ja perintö-oikeudesta. Hallintoprosessin puolelta Juliuksella on kokemusta etenkin verovalituksista.

Yhteystiedot

+358 10 583 5585

Suojattu viesti: https://www.turvaposti.fi/viesti/

Opinnot

Oik. yo, kaup. yo

Erityisosaamisalueet

Yhtiöoikeus, sopimusoikeus, vero-oikeus, vahingonkorvausoikeus

Kielet

Suomi, ruotsi, englanti, ranska

Samu Toppinen


Juristiharjoittelija

 

Samu tuli yrityksemme palvelukseen vuonna 2024.

Yhteystiedot

+358 10 583 5583

Suojattu viesti: https://www.turvaposti.fi/viesti/

Opinnot

Oikeusnotaari

Erityisosaamisalueet

-

Kielet

Suomi, englanti

Ota yhteyttä tai anna palautetta.
Contact us or give feedback.

    Kuvituskuva rahoitus ja liiketoiminnan kehittäminen

    Financing and Business Development

    Although the type, scope and content of activities vary, the need for development and financing is common to all entrepreneurs. When changes occur, an entrepreneur faces numerous challenges that may have devastating economic consequences. In addition to normal consultative and litigation matters, we serve as a long-term partner for your company.

    Kuvituskuva rahoitus ja liiketoiminnan kehittäminen

    Insolvency

    Both companies and private individuals can experience payment difficulties for a variety of reasons. Financial difficulties and insolvency are a matter of the different interests of the creditor and debtor. To solve the situation, it is important to select the best possible measure at the right time.

    Kuvituskuva työ- ja virkasuhteet

    Employment in Private or Public Sector

    Public service employment and employment relationships in private sector involve different kind of problematic situations, each of which is unique in its own right. Societal/social changes and economic uncertainty always present challenges to the work community. It is worth seeing to your rights.

    Kuvituskuva vahingonkorvaus

    Damages

    Both corporations and private individuals may be liable for damages. On the other hand, they may both suffer damage and be entitled to compensation. The liability and principles differ depending on whether the matter involves a so-called contractual or non-contractual liability.

    Kuvituskuva veroasiat

    Taxation

    A large part of a company’s expenses and a private person’s finances is taxation-related. There are several ways to achieve the best possible tax solutions, and tax planning can provide considerable savings. Our firm has solid experience in consulting on complex taxation issues.

    Kuvituskuva perhe- ja jäämistöasiat

    Family and Inheritance

    The law covers almost every aspect of our lives and determines our rights and responsibilities in the different phases of everyday life. Although matters related to family and inheritance law can be arranged and settled beforehand, disputes do arise every now and then.

    Kuvituskuva kiinteistöoikeus

    Real Estate

    Purchasing real estate or a share of stock in a housing corporation is a considerable acquisition and, for most of us, also represents the biggest financial decision in our lives. At the same time, housing involves many other values and considerable risks. For a company, a business premises is a valuable investment that might involve a long contractual relationship.

    Kuvituskuva riidanratkaisu

    Dispute Resolution

    From the customer’s point of view, reconciliation is often a faster and more cost-effective solution than a trial. If reconciliation cannot be achieved, we provide you with solid experience and expertise in court as well as in arbitration proceedings. We will also determine whether legal expenses insurance is available and whether legal aid can be granted.

    Kuvituskuva rikosasiat

    Criminal Cases

    Crime-related matters can surprise even a conscientious citizen. As the criminal sanctions may be severe, we recommend seeking help from an expert immediately.

    Jukka Autio


    Managing Partner
    Attorney-at-Law

     

    Jukka has decades of solid experience in business law, ranging from company formation to corporate restructuring. He has also successfully handled assignments for private individuals, whether they involved family law challenges or complex criminal cases.

    Jukka is known as a problem solver for challenging assignments and additionally serves as a professional board member.

    Jukka has completed mediation training and is listed in the Finnish Bar Association's Mediator Register.

    Contact

    +358 10 583 5581

    Secured email: https://www.turvaposti.fi/message/

    Studies

    LLM, MSC (Econ. & Bus. Adm.), CBM C.

    Expertise

    Company Law, Dispute Resolution, Tax Law, Criminal Law, Family Law

    Language skills

    Finnish, Swedish, English

    Teemu Halinen

    Teemu Halinen


    Senior Associate
    Attorney-at-Law

     

    Contact

    +358 ‭10 583 5587‬

    Secured email: https://www.turvaposti.fi/message/

    Studies

    LLM

    Expertise

    Criminal law

    Language skills

    Finnish, English

    Julius Autio


    Associate Trainee

     

    Contact

    +358 10 583 5585

    Secured email: https://www.turvaposti.fi/message/

    Studies

    Law and Business Student

    Expertise

    Company Law, Contract Law, Tax Law, Tort Law

    Language skills

    Finnish, Swedish, English, French

    Samu Toppinen


    Associate Trainee

     

    Contact

    +358 10 583 5583

    Secured email: https://www.turvaposti.fi/message/

    Studies

    Bachelor of Laws

    Expertise

    -

    Language skills

    Finnish, English

    Ria Öhrnberg-Autio


    Office Manager

     

    Contact

    +358 500 585 533

    Studies

    Law student, Business Advisor, Community Educator, Work Community Mediator 

    Expertise

    Administration, Community developing and interpreting

    Language skills

    Finnish, Swedish, English

    Ria Öhrnberg-Autio


    Toimistopäällikkö

     

    Ria vastaa asianajotoimistomme taloudesta ja henkilöstöhallinnosta. Rialla on vankka kokemus vaativista ja vastuullisista esimiestehtävistä pankkialalta ja valtionhallinnosta. Työyhteisön valmentaminen ja kehittäminen ovat hänelle sydämen asia.

    Yhteystiedot

    +358 500 585 533

    Opinnot

    Oik. yo., yritysneuvoja, yhteisöpedagogi, työyhteisösovittelija

    Erityisosaamisalueet

    Työyhteisön kehittäminen, työyhteisösovittelu, valtionhallinto

    Kielitaito

    Suomi, ruotsi, englanti

    Mikael Malmivaara


    Laskenta-assistentti

     

    Mikael avustaa toimistomme juristeja erityisesti talousrikosasioihin  ja konkurssiasioihin liittyvissä toimeksiannoissa.

    Yhteystiedot

    Suojattu viesti: https://www.turvaposti.fi/viesti/

    Opinnot

    Kauppatieteiden ylioppilas

    Erityisosaamisalueet

    Rahoitus- ja laskentatoimi

    Kielet

    Suomi, englanti

    Mikael Malmivaara


    Accounting Assistant

     

    Mikael assists our office's lawyers particularly with assignments related to financial crime and bankruptcy matters.

    Contact

    Secured email: https://www.turvaposti.fi/message/

    Studies

    Bachelor of Science in Economics and Business Administration student

    Expertise

    Finance and accounting

    Languages

    Finnish, English