Data Protection

Ellex Raidla’s data protection experts advise clients on regulatory matters, records of processing activities, drafting internal rules, preparing respective contracts as well as in data protection disputes and communication with the authorities.
 
The partner responsible for this practice area Ants Nõmper is a member of the advisory board of the Estonian Data Protection Inspectorate.
 
On 25 May 2018, the General Data Protection Regulation (GDPR) of the European Parliament and Council entered into force in European Union member states. This means that all companies that store personal data must comply with the amended requirements for the collection, processing and storage of personal data.
 
  • GDPR applies to all organisations operating within the EU as well as organisations outside the EU that provide goods and services to EU citizens. The legislation will also apply to the UK after Brexit.
  • Organisations need to provide their clients with explicit information on why they collect data, who use the data and which third parties this data is shared with.
 
The primary new or specified data processing requirements are as follows:
 
1. The GDPR provides the obligation to record processing activities.
2. Processing involving an increased risk requires data protection impact assessment.
3. The requirements for obtaining consent for data processing are regulated in greater detail.
4. Data processors must notify data subjects on which data, for which purposes they process and to whom and what data is transferred and the purposes of the transfer.
5. The GDPR provides the right to data portability.
6. The GDPR provides the right to appoint a data protection officer for some entities.
7. The GDPR provides the principles of data protection by design and by default.
8. The GDPR extends the rights of data subjects.
9. The GDPR provides the obligation to notify the Data Protection Inspectorate of a data breach no later than within 72 hours as of the breach.
 
In light of the new GDPR, Ellex Raidla has put together a special work group that advises clients an all matters concerning this field: regulatory matters, records of processing activities, drafting internal rules, preparing respective contracts as well as in data protection disputes and communication with the authorities.
 
We also provide the DATA PROTECTION OFFICER SERVICE. Read more about it HERE.

Key contacts

Ants Nõmper

Managing Partner

Head of Intellectual Property & IT practice group
+ 372 640 7170
crypt:PGEgY2xhc3M9ImVtYWlsIiBocmVmPSJtYWlsdG86YW50cy5ub21wZXJAZWxsZXguZWUiPmFudHMubm9tcGVyQGVsbGV4LmVlPC9hPg==:xx
-

Eneken Tikk

Counsel

+ 372 640 7170
crypt:PGEgY2xhc3M9ImVtYWlsIiBocmVmPSJtYWlsdG86ZW5la2VuLnRpa2tAZWxsZXguZWUiPmVuZWtlbi50aWtrQGVsbGV4LmVlPC9hPg==:xx

Merlin Liis

Associate

+ 372 640 7170
crypt:PGEgY2xhc3M9ImVtYWlsIiBocmVmPSJtYWlsdG86bWVybGluLmxpaXNAZWxsZXguZWUiPm1lcmxpbi5saWlzQGVsbGV4LmVlPC9hPg==:xx

Kairi Kilgi

Associate

+372 640 7170
crypt:PGEgY2xhc3M9ImVtYWlsIiBocmVmPSJtYWlsdG86a2Fpcmkua2lsZ2lAZWxsZXguZWUiPmthaXJpLmtpbGdpQGVsbGV4LmVlPC9hPg==:xx