Posted: by Jan Nawrot

Category: gdpr

What does the mysterious acronym of GDPR stand for?

As an entrepreneur you are definitely aware of the personal data that exist in company space. These are information about employees working for the organization (e.g. payrolls, complete personal data, photocopies of identity documents, ID or PESEL), as well as information about its clients (e.g. performed services, performed transactions and terms of cooperation). These data and their proper generation, processing and use are of great importance, but is it sufficient? This question is worth considering, as new European Data Protection Regulations come into force on May 25, 2018!

General Data Protection Regulation (GDPR) is an EU Regulation containing provisions on the security of individuals in connection with the processing of personal data and provisions on the controlled management of personal information within the framework of business entities. In theory, this means that the 28 Member States of the European Union will be obliged to use a uniform set of rules for the protection of disposable information. This Regulation is a strong signal sent all over the world, indicating that Europe treats privacy and protection very seriously.

How was GDPR set up?

The environment is changing dynamically due to the intensive development of information technology and the widespread use of the internet. Representatives of the countries, having regard to the well-being of their citizens and functioning of business entities, as well as the fact that the Data Protection Directive was quite obsolete (originating in 1995), came together to a conclusion that the only way to ensure effective protection of data is to bring about a new legal Regulation of this area. The creation of the Regulation was a long-term process. It all began on January 25, 2012, when the European Commission proposed a new General Data Protection Regulation. It then took some time, and on March 12, 2014 the first reading of the Regulation was submitted by the European Parliament. As there was more general interest in this topic among the public, the content negotiations between the Parliament, the Council and the Commission were swiftly held, and on December 15, 2015, the EU Council's preliminary (informal) approval for the implementation of GDPR was announced.

In January 2016, the formalities of the document entered the completion stage. The Regulation, worked out through a compromise, was translated into 24 languages by lawyer-linguists, and was forwarded to the first, official reading by the Council. In February, the European Parliament voted with a simple majority after the very first reading of the Council. This meant that if the Parliament were to approve the position of the Council, the rules would be adopted. And so it happened - the approved text was published in the Official Journal of the European Union between March and April. In May 2016, a huge 2-year countdown began, waiting for the application of GDPR in space.

Think of GDPR, there is not much time left...

The results of Trend Micro and VMware's survey show that the knowledge of GDPRs among the surveyed companies is low - 52% of them have not heard of the new data protection laws. There are speculations that this is due to the distant date of the Regulation. In addition, those who are aware of GDPR do not take steps to adjust their processes and technology to the new law. It's all because of the notion that the Regulation will not come into effect until 2018, so any preparatory work is postponed in time. Such behavior indicates great carelessness. In addition, there are severe consequences - penalties for failure to comply with the GDPR guidelines amounting to 20 million euros or 4% of the annual global turnover.

Lemlock ebook. Expert Guidebook: Three vievs on cybersecurity
Are you interested in a comprehensive solution
for your data security?
Consent to  data processing for contact purposes
I confirm that I have read the  information clause of Sagiton Sp. z o.o.

I hereby give consent to the processing of my personal data by the Personal Data Controller (hereinafter: "PDC") – Sagiton Sp. z o.o. ul. Fabryczna 19, 53-609 Wrocław, within the scope of: full name, e-mail address or telephone number, for the purpose of sale of products and services of Sagiton Sp. z o.o. and for the purpose of sending me feedback and making contact with me by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the removal of my personal data from the PDC Sagiton Sp. z o.o. database, by sending an e-mail to, or a letter to Sagiton Sp. z o.o., ul. Fabryczna 19, 53-609 Wrocław, with a statement containing the relevant request, which shall result in the deletion of my personal data from the PDC Sagiton Sp. z o.o. database; I have the right to access my data; providing my data is voluntary, however refusal to provide it is tantamount to not receiving information regarding sale of products and services of Sagiton Sp. z o.o., as well as not receiving feedback and making contact with me by Sagiton Sp. z o.o.

In accordance with Art. 13 section 1 of the General Data Protection Regulation of 27 April 2016, (GDPR), we would like to inform you that the controller of your personal data is Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław, e-mail:

Your personal data shall be processed within the scope of: full name, e-mail address and/or telephone number in order to answer your question/request for contact and send feedback – pursuant to Art. 6 section 1 (a) of the GDPR, i.e. consent to the processing of personal data.

The data controller would like to inform you that your personal data shall not be disclosed to third parties.

Your data shall not be transferred outside of the European Economic Area or to international organizations.

Your personal data shall be processed until you withdraw your consent to the processing of data, as well as if the purpose for processing this data shall no longer be applicable.

You have the right to access your personal data, rectify it, delete it, restrict its processing, the right to transfer it, as well as the right to object.

In the case of giving your consent, you have the right to withdraw it at any time. Exercising the right to withdraw the consent does not affect the processing carried out before the consent was withdrawn.

You have the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

Providing your personal data is a prerequisite for making contact with you by Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław. In the case of not providing your personal data, Sagiton Sp. z o.o., shall not be able to contact you.

The Data Controller, Sagiton Sp. z o.o., would like to inform you that they shall not use your personal data for automated decision-making, which is based solely on automated processing, including profiling, and has legal effects for you or affects you significantly in a similar way.

Let's stay in contact