The much-anticipated General Data Protection Regulation has been hotly debated across Europe is now on the final stretch to becoming finalised.
So what will it actually mean for you and your business? Here is our guide to the Top 10 areas of impact.
View our GDPR video
Top 10 impacts of GDPR
1. It’s a regulation not a directive. GDPR will go into law directly in each EU country.
2. Marketing consent – explicit consent must be given by the data subject
3. Specified legitimate interests – less flexibility than before. Processing under legitimate interest may include
a. Processing for marketing – your own similar products and services
b. Postal direct marketing
c. Business contact details
4. You will need to store proof of an individual’s consent.
5. High risk data breaches must be notified to the individual without undue delay and you Data Protection Authority (that’s the ICO in the UK) where feasible within 72 hours.
6. Privacy Impact Assessments: these investigate how proposed processing affects an individual’s privacy. A process to identify and reduce privacy risks. PIAs should be conducted to avoid problems arising from new processes.
7. Data Protection Officer. Not yet clear if the role of DPO will become a mandatory requirement. May be required for organisations with 250 employees or processing 5,000 records p.a.
8. Profiling. Data subjects will have the right not to be subject to profiling – they can opt-out. Explicit consent will be required if legal or significant effects.
9. The right to Erasure. Has replaced ‘The right to be forgotten’. The data controller must erase data on request. Data can be retained for suppression.
10. Processor liability. Controller AND processor liable for compensation.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.