1. GDPR is short for General Data Protection Regulation (Regulation (EU) 2016/679).
2. GDPR is the EU's set of rules for the protection of personal data. It applies to organisations established in the EU and to organisations outside the EU that process the personal data of people in the EU.
3. The aim of GDPR is to give individuals in the EU control over their personal data and to harmonise data protection rules across the whole Union.
4. GDPR was adopted in April 2016 and has applied since 25 May 2018.
5. Article 5 sets out seven key principles for processing personal data: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.
6. GDPR covers data security, the rights and freedoms of EU data subjects, regulatory compliance and risk, and data governance and control of data.
7. GDPR is enforced by the supervisory authority (data protection authority) in each member state.
8. GDPR affects organisations anywhere in the world that offer goods or services to, or monitor the behaviour of, people in EU member states.
9. It makes organisations directly accountable for what they do and don't do with the personal data of people in the EU. This includes government agencies and other public bodies, not just businesses.
10. There are a lot of processes and procedures to document: controllers and processors must keep records of their processing activities (Article 30).
11. Technology plays an important role: appropriate technical and organisational measures are required, and pseudonymisation and encryption are named explicitly in Article 32 as examples.
12. To answer access and erasure requests, an organisation must know where every data subject's personal data is held, which in practice means a complete view of each data subject and a single source of truth.
13. Public authorities, and organisations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data, must appoint a Data Protection Officer (DPO).
14. GDPR imposes serious penalties on data controllers and processors for non-compliance.
15. The maximum penalty is €20 million or 4% of total worldwide annual turnover of the preceding financial year, whichever is higher.
16. In cases of first and non-intentional non-compliance, the supervisory authority may issue a written warning or reprimand instead of a fine.
17. A lower tier of fines, up to €10 million or 2% of annual worldwide turnover, whichever is higher, applies to breaches of the obligations of controllers and processors, such as record-keeping, security of processing, breach notification and appointing a DPO.
18. If an organisation suffers a personal data breach, it must notify the supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals; where the risk to individuals is high, the affected data subjects must also be informed without undue delay.
19. Implementing GDPR is not optional but a legal requirement, and it needs a high degree of commitment and resources.
20. With a well-designed internal data protection framework, GDPR can also offer numerous opportunities.