GDPR – What Are The Key Changes?
There’s been a lot of hype about the General Data Protection Regulation (GDPR) and the maximum fines it’s introducing (up to €20,000,000 or 4% of turnover, whichever is higher). What businesses are struggling more with, however, is knowing what exactly is changing and what they need to do about it. This blog post sets out the key changes introduced by the GDPR.
- Accountability. Businesses will need to be able to demonstrate compliance with the GDPR.
- Privacy Policies. Privacy policies will need to be updated and replaced with new GDPR-compliant privacy policies. You can purchase a GDPR-compliant privacy notice here.
- Consent. Where you send marketing communications based on consent, that consent will need to be express.
- New Concepts. The GDPR introduces new concepts like ‘pseudonymisation’ and privacy by design and by default as well as data impact assessments.
- Documentation. Businesses with over 250 employees will need to keep records of their data processing activities.
- Data Processors. New obligations will be imposed on data processors.
- Breach Notification Requirements. The GDPR introduces new obligations to notify a supervisory authority in the event of a data breach.
- Subject Access Rights. Data subjects (i.e. individuals) will have new and enhanced rights in relation to the personal data organisations hold about them.
This is a very short summary of the key changes – in future blog posts we will be looking at some of these in more detail, and at how your business can prepare for the GDPR as easily and cost-effectively as possible.