Print page Send link

New Legislation

20 Sep 2017

On 25 May 2018 a new Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46EC (General Data Protection Regulation) (hereinafter – “Regulation”) will come into force. The Regulation provides that personal data means any information relating to an identified or identifiable natural person (“data subject”), e.g. name, surname, address, e-mail, phone number, location, IP address, photos, information about credit cards, etc. 

The General Data Protection Regulation will reform the rules of personal data protection and strengthen the responsibilities of the data processor and data controller.

The main innovations in the new Regulation are the following:

- New rights of the data subject (for example: the right to be forgotten, the right to data portability);

- Stricter requirements for data subject’s consent to process their data (consent must not be ambiguous, an obligation to prove that the subject has understood and agreed with the processing of data, etc.);

- New requirements for processing of child’s personal data;

- The obligation to inform data subjects about breaches of personal data security;

- The obligation to designate a Data Protection Officer;

- There is a new requirement to clearly inform the data subject for what purposes the data provided will be used;

- The Regulation states that responsibility for the processing of personal data will have to be shared both by the data processor and the data controller;

- “One-stop-shop” mechanism (the supervisor has the competence to act as the lead supervisor when the data controller or data processor carries out cross-border processing of data);

- Increased cooperation between supervisory authorities;

- New requirements for the data controller (it is necessary to carry out an assessment of the impact of processing operations on the protection of personal data before the data is processed);

- The new Regulation introduces the representation of data subjects (the data subject will have the right to authorize a non-profit institution, organization, association to act solely on its behalf in relation to the protection of personal data);

- Extension of the territorial scope of the Regulation (the Regulation applies even if the company has only a branch in the EU and the head office is not established in the EU).

The rules of the new Regulation will be directly applicable to all EU Member States, and for the violation of these rules, a fine in the amount of up to EUR 20 million or 4 percent of the company’s annual worldwide turnover (whichever is the higher) may be imposed. Thus, the companies, which are working with data allowing to identify a person should be duly prepared for the entry into force of this Regulation in the spring of 2018. 

The wording of the Regulation can be found here

Back to the news list


International recognition

16 Apr 2020

Šulija Partners Law Firm Vilnius was once again recommended by the Legal 500 EMEA as a top tier firm.

Extended term for reporting on income from individual activity

10 Apr 2020

Extended term for filing tax declarations on income from individual activity

Legal update

15 Mar 2020

Legal issues related with Covid-19 outbreak affecting business

Aviation - local legislation update

6 Jan 2020

New wording of the Law on Aviation: aircraft registration and operation, experimental category aircraft

More news...

Šulija Partners Law Firm Vilnius, registered office Jogailos street 4, 3rd floor, Vilnius, LT-01116, Lithuania, fax +370 52051926, e-mail:

Contact details | Sitemap | Know your customer | Privacy policy | Feedback | Links | Terms and Conditions | Attorney advertising | Copyright Back to the top