Steps towards GDPR Compliance
The EU General Data Protection Regulation (Regulation 2016/679, or “GDPR”) applies from 25 May 2018 and provides a new legal framework for privacy and data protection in the European Union. The GDPR replaces the 1995 Data Protection Directive, which had to be transposed into each EU member state’s national law; as a regulation, the GDPR applies directly in all member states. While the GDPR builds on the principles of the Data Protection Directive, it introduces some important new key elements.
Our Privacy & Data Protection Team has published a brochure which describes the new key elements in the GDPR, the GDPR’s data processing principles and the steps an organization should take towards compliance with the GDPR.
NEW KEY ELEMENTS
- Fines for non-compliance of up to 20 million Euros or 4% of your organization’s global annual turnover, whichever is higher
- New rights for data subjects, such as ‘the right to be forgotten’ and ‘data portability’
- Data breach notifications
- Data Protection Impact Assessments (DPIAs)
- Additional requirements for engaging data processors
- Privacy notices: additional information requirements
- Extended transparency requirements towards data subjects
- Accountability: requirement to demonstrate compliance with the GDPR
THE GDPR’S DATA PROCESSING PRINCIPLES
The GDPR relies on a few core principles which set out what organizations should do when processing personal data.
STEPS TOWARDS GDPR COMPLIANCE
The GDPR describes how organizations should comply with its principles. We advise organizations to take the following steps towards compliance with the GDPR.
For more information on Privacy & Data Protection and the GDPR in particular, please contact one of our specialists from Houthoff’s Privacy & Data Protection Team.