Skip to content
- Increased Fines for Data Loss – Fines can be up to 4% of global turnover or €20m
- Opt in Consent – Users must be given clear unambiguous consent; Data can be used for defined purposes only
- Breach notification- Local Supervisory Authority is to be notified within 72hrs
- Users should be notified without undue delay regarding any data loss
- Territorial: Any Organisation with data on EU individuals has to conform (worldwide)
- Enforcement consistency across all member states
- Joint Liability – Data Controllers + Processors both liable for data loss incidents
- Users Right to removal of data
- Removal of ambiguity: One law across EU
- Transfer of data outside of EU is allowed, however ALE will be responsible if any data is lost via non-EU Cloud Service Provider
- Collective Redress: Users* can work together to sue using class action
- Data controller’s right (ALE) to audit the data processor (CSP).