The Facts of the EU General Data Protection Regulation (GDPR)


GDPR provides increased privacy for individuals and gives increased powers to regulatory authorities to take action against data controllers and data processors who don’t comply with it.

Deadline for compliance

  • 25th May 2018

Tougher Penalties

  • Fines of up to 4% of annual worldwide turnover or €20 million – whichever is greater

Wider Remit

  • GDPR applies to all organisations worldwide that: (1) provide goods and services to individuals within the EU (including free of charge); or (2) monitor those individuals' behaviour;
  • Data processors now have direct regulatory obligations; and
  • Definition of “personal data” extended to include identifiers such as: (1) genetic; (2) mental; (3) cultural; (4) economic; and (5) social identity.

Increased rights for individuals

  • Right to be forgotten and erased from records;
  • Right to request a copy of personal data in a commonly used portable electronic format;
  • Consent means a clear statement or affirmative action which is freely given, specific, informed and unambiguous;
  • Parental/guardian consent required to process children’s data; and
  • Reduced time frame for controllers to respond to subject access requests and no ability to charge for such requests.

Changes for data controllers

  • Accountability – need to demonstrate compliance;
  • Mandatory appointment of data protection officers for certain data controllers;
  • Mandatory privacy impact assessments in certain situations;
  • Privacy by design is required;
  • Data breaches must be reported within 72 hours of becoming aware of the breach (unless low risk to individuals' rights); and
  • No need to register with data protection authority.

Harmonisation

  • Increased co-operation and consistency between EU regulators;
  • A ‘one stop shop’ for data controllers across the EU.

Please click here to download the GDPR Factsheet.

For further information please contact Jill Dovey in the Commercial Team on 0191 211 7972 or [email protected]. You can also follow Jill, or Muckle LLP, on Twitter.