Twitter Logo Youtube Circle Icon LinkedIn Icon

The Legal 500 Hall of Fame Icon The Legal 500 Hall of Fame highlights individuals who have received constant praise by their clients for continued excellence. The Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. In Europe, Middle East and Africa, the criteria for entry is to have been recognised by The Legal 500 as one of the elite leading lawyers for seven consecutive years. These partners are highlighted below and throughout the editorial.
Click here for more details

Bulgaria > Legal Developments > Law firm and leading lawyer rankings


GDPR - Where did that come from?

Owing to our hard work on matters, related to the GDPR by assisting our clients with regard to the new policies required, we thought it would be interesting to highlight the ideas and grounds, hidden behind the new data protection requirement. Lately we've been working for companies, striving to become compliant with the new Regulation, which already entered into force on 25th of May 2018. The article draws attention to the relevant consecutive ongoings, which describe the necessity of a regulation, containing the best principles from the previous ones on the one hand, and guaranteeing adequate level of protection on the other.

At the base stand the so called "International Safe Harbor Privacy Principles", established at the end of 20th/sup> century, which seek to prevent the organizations located in the EU or USA who store customer data from accidentally disclosing or losing personal information. As a consequence of these Principles, the US Department of Commerce developed a privacy framework to correspond with the EU data protection legislation. In the year 2000, the EU Commission adopted a decision, which confirmed that the US companies guarantee the minimum level of protection when it comes to the usage of personal information of EU citizens. In other words the "Safe Harbour decision" stipulates that the United States' principles did comply with the EU Directive from 1995, known as Data Protection Directive.

And here come the most enthralling facts, which we will briefly summarize. In 2011, the Austrian student Maximilian Schrems, while studying law during a semester abroad at Santa Clara University in Silicon Valley, USA, made a request under the European "right to access" provision for Facebook's record on him and received a CD containing over 1,200 pages of personal data. All of the information had been transferred from Facebook's Irish subsidiary to servers located in the United States, where it was processed. If you ask why Facebook established a subsidiary of the company in Ireland and set up its international headquarters in Dublin, the answer is simple - to get access to the EU market and to benefit from the low Irish corporate tax rates. However, Max Schrems filed a first round of complaints against the company with the Irish Data Protection Commissioner in 2011. Later on, Schrems lodged a subsequent complaint with the Irish supervisory authority (the Data Protection Commissioner), taking the view that, in the light of the revelations made in 2013 by Edward Snowden, concerning the activities of the United States intelligence services (in particular the National Security Agency), the law and practice of the United States do not offer sufficient protection against surveillance by the public authorities of the data transferred to that country.

On October, 6th 2015, The Court of Justice, in its decision â„– C-362/14 declared that the Commission's US Safe Harbour Decision is invalid. Right after the court's decision, a huge legal gap appeared. The transatlantic exchanges of personal data for commercial purposes between the European Union and the United States had to be somehow regulated. The EU-US Privacy Shield as a replacement for the International Safe Harbor Privacy Principles was approved in its final version by EU Member States representatives on July, 8th 2016. The Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

On April, 14th 2016 the GDPR was approved and the enforcement date set for May 25th 2018. The new Regulation replaces the Data Protection Directive from 1995 and aims to harmonize data privacy laws across EU, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy. An interesting fact is that literally days before the enforcement of GDPR, The Facebook-Cambridge Analytica data scandal involved the collection of personally identifiable information of up to 87 million Facebook users. This popped up like a hot topic that paved the way of the Regulation.

The challenges companies are facing in connection to the implementation of the Regulation require a revision of data processing policies and establishment of measures to achieve compliance with the new rules. This will inevitably lead to the necessity of a team of experts who will need to combine their professional skills in various areas such as legal, IT, project management and compliance. When companies do not have the internal resources and methodology, it is advisable to engage outside experts and consultants who can assist throughout the process.

"Murgova and partners" Attorneys at law have already provided GDPR compliance services to a number of clients and we are working hard on the implementation of all requirements of the GDPR. This handled by our team of legal experts, working closely with our IT partners.    

"Murgova & Partners" Attorneys at Law

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs

International Law Firm Networks

International comparative guides

Giving the in-house community greater insight to the law and regulations in different jurisdictions.

Select Practice Area

GC Powerlist -