Span Data Protection Day

For the very first time in Croatia, Span hosted a conference on the new General Data Protection Regulation (GDPR) – the legal framework for adapting and amending the rules of personal data protection, confirmed and approved by the European Parliament in May of this year.

For more information and conference materials, do not hesitate to contact us at


 What is GDPR?

The GDPR is a European Union regulation which establishes a single set of rules for harmonized and consistent protection of personal data throughout Europe as a fundamental right of all individuals.


Which organizations will be affected by GDPR?

All organizations that have customers in Europe and process personal data of EU residents, regardless of whether their registered offices are in Europe or somewhere beyond its borders.  Organizations will be under the jurisdiction of the General Data Protection Regulation which will come into force in May 2018, leaving organizations with less than two years to prepare for the full implementation of the GDPR within their business operations.


“Right to erasure” principle

With regard to processing personal data, the GDPR introduces the new „right to erasure“ principle and mandatory notifying of users on all actions taken. Upon a user’s’ request, organizations have to completely erase their personal data within a specified period.

Also, individuals whose data was compromised by IT system breaches have to be notified by the organization without any delay, especially if such actions represent a significant threat to their rights and freedoms.


Dark data

The new age of cloud computing and big data created a culture of accumulating large volumes of data that led to an increase in the amount of so-called dark data and, according to a Global Databerg Report, most organizations don’t really know what more than half of their stored data contains – as much as 52% of processed data is considered dark data due to the fact that its content and purpose are not entirely known. This consequently increased the difficulty of finding the right data, and transferred the responsibility for data protection to the organization.


Draconian penalties

The General Data Protection Regulation will provide additional support to data protection agencies in defining the penalties for serious violations of data protection laws. The penalties and fines are amounting up to 4% of annual company revenue or 20 million euro, whichever is higher, and criminal liability is borne by the individuals in charge of personal data protection within the organization.

Any non-compliance with the GDPR will represent a significant financial and business risk for offending organizations.


General Data Protection Regulation: Preparation today – compliant tomorrow