On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force in the European Union. According to new rules, the provisions of the Regulation on collecting, storing, using, transmitting and removing information of the people that reside in the territory of the European Union, including the rules reflecting directly or indirectly personal information such as their name, ID number, physical, psychological, genetic, intellectual, economic, or social features, have been made much stricter.

Individuals collecting or using personal information of people that reside in the European Union, i.e. companies that sell goods or services to the EU residents must follow the new rules. That is, new rules will apply to companies selling goods or services to the subjects of the European Union even if they are located outside the European Union.

Companies that fail to comply with the GDPR rules and not follow required standards while organizing and working with personal data are penalized at a rate of 4% of annual revenues of the company in question (global income) or up to 20 million euros.

Azerbaijani companies which collect and store personal information of individuals residing in the European Union, including the citizens of EU member states, also fall within the scope of these rules and may confront such risk. It shall be noted that negative legal impacts of such breach is not limited to fines, and may also include other tools of enforcement or injunctions.

Azerbaijani hotels and tourism companies, transport companies engaged in passenger transportation, companies selling goods or services to the EU member states via internet will fall within the ambit of new rules.

You can contact Caspian Legal Center for details on whether GDPR applies to your company, as well as for detailed legal support in order to meet the new standards and avoid potential legal risks.