On the 25th May 2018, the EU will introduce a new legislation called General Data Protection Regulation (GDPR) that will replace the current structure on the handling of data. It will apply to all businesses who supply goods and/or services to EU citizens and therefore handle personal data.
In addition, the GDPR contains the following changes:
- Enhanced documentation to be kept by data controllers.
- Enhanced privacy notices.
- More detailed rules regarding ‘consent’.
- Mandatory data breach notification requirements.
- Enhanced data subject rights.
- New obligations on data processors.
- Expanded territorial scope.
- Appointment of Data Protection Officers
Many of the implications of the new GDPR will affect companies on a commercial level. However, it also has an impact on many areas from a HR/employment perspective and fines for non-compliance can go up to a maximum of €20 million or 4% of global annual turnover (whichever is greater).
If you would like more information on GDPR please email email@example.com.