The General Data Protection Regulation (GDPR) aims to protect EU individuals (referred to as data subjects in the GDPR) from data breaches and privacy infringements. This regulation introduces major changes in data protection laws and will come into effect on May 25, 2018.
Organisations now have more obligations towards their data subjects. They are required to not change the use of collected data from the scope for which it was initially collected. Nor are they to hold data longer than needed.
Key features you need to know about;
- Right to be forgotten
Also known as the right to erasure or data erasure. Data subjects are entitled to withdraw their consent, have unnecessary personal details deleted or have the controller erase all their personal data altogether.
- Right to data access and portability
This rule entitles data subjects to get a confirmation regarding their personal data and whether it is being processed as well as where and for what purpose. Data subjects have the right to receive data which concerns themselves.
- Explicit consent
Consent must be explicit, clear, easily accessible and intelligible. It is also required to be freely given and as easily withdrawn.
- Breach notification
Organisations and businesses have 72 hours from the awareness of a breach of data protection to report to inform the data protection officers…
- Privacy by design
This is an approach to projects, products or services requiring organisations to think in advance and embed privacy measure right from the start.
- Stricter penalties
Data controllers can face severe penalties under the new regulation. For the most serious infringements, fines can go up as high as EUR20 million or 4% of the annual turnover.
- Data Protection Officers
Any organization or business that processes personal data is required to appoint a data protection officer (DPO) to make sure that all the processes follow the requirements set out.
How will GDPR impact your business?
Firstbridge can help you prepare for the changes GDPR will bring. Contact our team of experts to learn more about how GDPR will affect your business.