GDPR: changes and new developments in the regulations
Posted: Mon Dec 23, 2024 4:31 am
The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is very different from when the directive was established in 1995. In this article, we will cover the key points of the GDPR, as well as information about the impacts it will have on different businesses.
Greater territorial reach
The biggest change brought by the GDPR is the expanded jurisdiction of application. The new regulation will apply to all companies that process personal data of individuals residing in the french business fax list EU, regardless of the company's location.
Sanctions
Organisations found to be in breach of the GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious breaches – for example, not having sufficient customer consent to process data or violating the core concepts of Privacy by Design.
It is important to note that these rules apply to both controllers and processors, meaning that clouds will not be exempt from the application of GDPR.
Consent
The request for consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
Data Subject Rights under GDPR Notice of non-compliance
Breach notification will be mandatory in all member states where a data breach is likely to “result in a risk to the rights and freedoms of individuals.” This must be done within 72 hours of first becoming aware of the breach. Data processors will also be required to notify their customers, the controllers, “without delay” after first becoming aware of a data breach.
Right of access
Part of the expanded rights of the GDPR is the right of data subjects to obtain confirmation from the data controller: where they are being processed and for what purpose. In addition, the controller will be required to provide a copy of the personal data, free of charge, in an electronic format. This drastic change provides transparency in data, while empowering data subjects.
Greater territorial reach
The biggest change brought by the GDPR is the expanded jurisdiction of application. The new regulation will apply to all companies that process personal data of individuals residing in the french business fax list EU, regardless of the company's location.
Sanctions
Organisations found to be in breach of the GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). This is the maximum fine that can be imposed for the most serious breaches – for example, not having sufficient customer consent to process data or violating the core concepts of Privacy by Design.
It is important to note that these rules apply to both controllers and processors, meaning that clouds will not be exempt from the application of GDPR.
Consent
The request for consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
Data Subject Rights under GDPR Notice of non-compliance
Breach notification will be mandatory in all member states where a data breach is likely to “result in a risk to the rights and freedoms of individuals.” This must be done within 72 hours of first becoming aware of the breach. Data processors will also be required to notify their customers, the controllers, “without delay” after first becoming aware of a data breach.
Right of access
Part of the expanded rights of the GDPR is the right of data subjects to obtain confirmation from the data controller: where they are being processed and for what purpose. In addition, the controller will be required to provide a copy of the personal data, free of charge, in an electronic format. This drastic change provides transparency in data, while empowering data subjects.