- GDPR is short for General Data Protection Regulation.
- GDPR is a set of rules for the protection of personal data inside and outside the EU.
- The aim of GDPR is to give residents control over their personal data and unify the regulations within the whole Union.
- GDPR went into effect on May 25, 2018.
- GDPR sets out seven key guiding principles for processing personal data.
- GDPR covers aspects of data security, rights and freedoms of EU data subjects, regulatory compliance and risks, data governance and control of data.
- GDPR is enforced by the supervisory authority in each member state.
- GDPR affects any and every organization across the world that does business with people in EU member states.
- It makes organizations directly accountable for what they do and don’t do with sensitive EU citizen data. This also includes government agencies and other public associations.
- There are a lot of processes and procedures to document!!
- Technology plays a very important role.
- GDPR allows for a 360 degree view of data subjects and a single source of truth.
- Certain organisations that process data may be required to appoint a Data Privacy Officer.
- The GDPR imposes a set of serious penalties on data controllers and processors for non-compliance.
- The GDPR maximum penalty is 4% of global annual turnover or €20 million – whichever is higher.
- A written warning can be sent to organisations in cases of first and non-intentional non-compliance.
- Fines under GDPR of up to €10 million or 2% of annual worldwide turnover will be imposed on organisations that don’t uphold the obligations of data controllers.
- If an organisation incurs a data breach, they should notify the relevant authorities within 72 hours.
- Implementing the GDPR is not an option, but a legal requirement, which needs a high degree of commitment and resources.
- GDPR can offer numerous opportunities with a well-designed internal data protection framework.
September 10, 2018