NOVELTIES IN THE GDPR
The regulation tightens the rules regarding how organizations operating in the EU may collect, access, store and manage personal data.
- Stronger requirements when affected persons require access to their own personal data
- Tighter requirements for how personal data is collected and what is considered consent
- Interested persons can have their data transferred from one organization to another
- Interested persons may have their data removed under certain circumstances
- Organizations affected by an incident must report this within 72 hours of the data breach being detected
Previously, the consequences of breaking the rules were not a big issue for many organizations, however, failure to comply with GDPR can result in fines of up to €20 million, or 4% of global turnover.