The GDPR in 9 Moves
1 — INCREASED TERRITORIAL SCOPE
The GDPR applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.
2 — PENALTIES
Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater).
3 — CONSENT
The consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form.
4 — BREACH NOTIFICATION
Mandatory where a security breach is likely to “result in a risk for the rights and freedoms of individuals”.
5 — RIGHT TO ACCESS
The right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
6 — RIGHT TO BE FORGOTTEN
Entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
7 — DATA PORTABILITY
People must be able to transfer personal data from one service provider to another more easily.
8 — PRIVACY BY DESIGN
Data protection is included from the onset of system design, rather than as an addition.
9 — DATA PROTECTION OFFICERS
- Must be appointed on the basis of professional qualities and, in particular, expert knowledge on data protection law and practices.
- Must not carry out any other tasks that could result in a conflict of interest.
Adapted from the GDPR Portal.