GDPR – Major Aspects of the Regulation

  • Increased Fines for Data Loss – Fines can be up to 4% of global turnover or €20m
  • Opt-in Consent – Users must give clear, unambiguous consent; data can be used for defined purposes only
  • Breach notification – Local Supervisory Authority is to be notified within 72 hrs
  • Users should be notified without undue delay regarding any data loss
  • Territorial: Any Organisation with data on EU individuals has to conform (worldwide)
  • Enforcement consistency across all member states
  • Joint Liability – Data Controllers + Processors both liable for data loss incidents
  • Users' right to removal of data
  • Removal of ambiguity: One law across EU
  • Transfer of data outside the EU is allowed; however, ALE will be responsible if any data is lost via a non-EU Cloud Service Provider
  • Collective Redress: Users can work together to sue using class action
  • Data controller’s right (ALE) to audit the data processor (CSP).
