General Data Protection Regulation (GDPR) Explained


The General Data Protection Regulation (GDPR) is new EU legislation that comes into force on 25th May 2018 and will apply to businesses of all sizes operating in EU.

GDPR Financial penalties – Increased fines

Penalties for not conforming to the legislation will increase under GDPR, creating a bigger risk for businesses. Under the existing Data Protection Act, security breaches could be met with a maximum fine of £500,000. With the introduction of GDPR, this increases to €20,000,000, or 4% of annual global turnover, whichever is greater

The right of access

New rules around personal information mean that customers have the right to access any information held about them by a business or organisation. Businesses are also obligated to securely delete data if a customer decides to stop using their services and asks to be ‘forgotten’.

GDPR Breach Notifications and faster reporting

Under GDPR, companies will be held to stricter regulations on reporting major data breaches to the authorities and customers. A breach must be reported within three days if it’s likely to pose ‘a risk for the rights and freedoms of individuals’, and data processors will need to inform their clients immediately.

Personally Identifiable Information (PII data)

GDPR expands the definition of personally identifiable, or PII, data to include things like genetic information, photos, social media posts, and IP addresses.

Opt in, not out – explicit consent required

To gain data consent from customers, companies will have to use clear opt-in tick boxes, rather than a potentially misleading opt-out box that’s commonly used now.

Loved the way VirtualCollege has depicted GDPR explanation in GIF files

Try world’s 1st #SaaS #regTech platform to automate the GDPR compliance on the go with a straight forward 30$/user/month/module approach. write to if you want to go through GDPR Compliance suite

Leave a Reply

Your email address will not be published. Required fields are marked *