The new European General Data Protection Regulation (GDPR) will come into force throughout the European Union on 25 May 2018. The GDPR will replace existing data protection laws throughout Europe and introduce significant changes and additional requirements that will have a wide-ranging impact on businesses around the world, irrespective of where they operate.
The GDPR: The changes that will affect your business
The key changes and additional requirements are:
- European data protection law will now apply to organisations worldwide
- Tougher sanctions for non-compliance, with fines of up to 4% of worldwide turnover
- A new data breach notification obligation
- New data privacy governance, data mapping and impact assessment requirements
- A requirement to implement 'privacy by design'
- Strengthening of individuals' rights to personal data
- Enhanced requirements for the supply chain