Are you compliant with the GDPR?

 


The General Data Protection Regulation (the GDPR) became effective on 25 May 2018. The GDPR introduced a uniform legal framework for the protection of personal data in all EU Member States, replacing the previous inconsistent mosaic of national laws. 



 

 

The GDPR has brought a number of changes to personal data protection, such as:

  • new requirements for consent to personal data processing
  • extension of data subjects’ rights (right to deletion / right to be forgotten, right to data portability)
  • more detailed regulation of the controller – processor relationship
  • changes in the appointment, status and tasks of the data protection officer

 

 

 

 

The GDPR has simplified data processing rules for data controllers and data processors operating in several EU Member States. In addition to the above changes, the GDPR also introduced new personal data processing principles (e.g. privacy by design and privacy by default) and imposed new obligations (e.g. the obligation to notify personal data breaches). The GDPR has forced companies to change their approach to personal data processing.

The GDPR also introduced a significant increase in administrative fines for non-compliance with data protection laws, up to EUR 20 million, or 4% of total worldwide annual turnover in the preceding financial year, whichever is higher. In the EU, several significant fines have already been imposed, e.g. £183 million on British Airways in the UK, £99 million on Marriott International in the UK, EUR 50 million on Google in France, EUR 1.1 million on Facebook in Italy and EUR 220,000 on Bisnode in Poland. In Slovakia, one year after the GDPR became effective (as of 24 May 2019), the Office for Personal Data Protection had imposed 38 fines in a total amount of EUR 132,600 for violations of data protection laws.

 

Ignorance of the law is no defence if a company is found to be in breach of data protection legislation. Ensuring that your business processes and documentation comply with the GDPR is a task that requires the time and cooperation of your company’s departments. GDPR compliance is a process that you should factor into every aspect of your business and adopt as the norm.

 

How can PwC Legal help you?

 

We will assess the compliance of your current documentation with GDPR requirements, evaluate identified shortcomings and suggest steps to eliminate them.

We will prepare GDPR-compliant documents (e.g. consents to personal data processing, data processing agreements, internal data protection policies and procedures).

We will provide GDPR training for your employees and managers.

We will provide you with ad-hoc legal advice on data protection matters.

 

Contact us

Gabriela Kubicová

Lawyer, PwC Slovakia

Tel: +421 911 679 229

Nora Šajbidor

Manager, PwC Slovakia

Tel: +421 903 683 707
