The General Data Protection Regulation (GDPR) is EU legislation that applies from 25 May 2018. It covers organisations of all sizes that are established in the EU, and also organisations outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU.
GDPR financial penalties - increased fines
Penalties for non-compliance are far higher under GDPR, creating a bigger risk for businesses. Under the existing UK Data Protection Act 1998, a security breach could attract a maximum fine of £500,000. Under GDPR the upper tier of fines rises to €20,000,000 or 4% of annual worldwide turnover, whichever is greater.
The right of access and the right to erasure
Individuals have the right to obtain a copy of the personal data an organisation holds about them, together with information such as the purposes of processing and who the data has been shared with; as a rule this must be provided free of charge and within one month of the request. Individuals can also ask for their data to be erased (the 'right to be forgotten'), for example when it is no longer needed for the purpose it was collected for or when they withdraw consent. An organisation that receives such a request must delete the data securely, including from backups and from any processors it has passed the data to, within the same one-month window unless an exemption applies.
GDPR breach notifications and faster reporting
Under GDPR, organisations face stricter rules on reporting personal data breaches. A controller must notify the supervisory authority within 72 hours of becoming aware of a breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals; if notification is later than 72 hours it must be accompanied by reasons for the delay. Where the breach is likely to result in a high risk to individuals, the affected individuals must also be told without undue delay. Data processors must notify the controller they work for without undue delay after becoming aware of a breach, so contracts and incident response plans need to define how that notification happens and what evidence (timeline, affected records, containment steps) accompanies it.
Personal data (often called PII)
GDPR uses the term 'personal data' rather than PII and defines it broadly as any information relating to an identified or identifiable person. It makes explicit that this includes genetic and biometric data, photographs, social media posts, location data and online identifiers such as IP addresses and cookie identifiers, so logs, analytics data and tracking data are all in scope.
Opt in, not out - explicit consent required
Where an organisation relies on consent to process personal data, that consent must be freely given, specific, informed and unambiguous, and given by a clear affirmative action. A pre-ticked box, silence or inactivity does not count as consent, so the opt-out boxes commonly used today will have to be replaced with clear, unticked opt-in boxes. Consent must also be as easy to withdraw as it was to give, and the organisation must be able to demonstrate that consent was obtained.
I loved the way VirtualCollege has depicted the GDPR explanation in GIF files.
Try the world's first #SaaS #regTech platform http://FreshGRC.com to automate GDPR compliance on the go with a straightforward $30/user/month/module approach. Write to sales@FixNix.co if you want to go through the GDPR compliance suite.