GDPR in a nutshell

  • Is a new regulation aimed at strengthening and harmonizing data protection laws for individuals
  • Goes into effect May 25th, 2018
  • Individuals now have the right to be forgotten, to access and to receive a copy of their personal data
  • Companies need to report a data breach within 72 hours
  • Serious infringements can result in fines of up to €20 million or 4% of the global annual turnover, whichever is greater
  • Companies are responsible
  • Companies that depend on processing personal information may need to designate a DPO
  • Introduces DPIA (Data Protection Impact Assessment) to identify high risks to the privacy of individuals
  • Data protection by design and by default
  • Companies have to implement appropriate technical and organizational measures to ensure a high level of security
