What the New EU General Data Protection Regulation (GDPR) Means for You
The new EU General Data Protection Regulation (GDPR) entered into force on 24 May 2016 and applies from 25 May 2018. Compared with the 1995 Data Protection Directive it replaces, it significantly widens the extra-territorial reach of EU data protection law (catching organisations outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU) and raises the maximum fine for an infringement to the higher of €20 million or 4% of worldwide annual turnover. These fines apply to breaches of the Regulation generally, not only to cyber incidents.
Some other key changes under the regulation include:
- A requirement for data controllers to be able to demonstrate that consent was given, and for consent to be expressed through a "clear affirmative action" rather than inferred from silence or pre-ticked boxes.
- Explicit consent required to collect sensitive data.
- Direct obligations on data processors.
- New restrictions on the profiling of data subjects.
- A requirement for organisations to be able to demonstrate and verify compliance.
- Organisations are required to notify a personal data breach to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, and to notify affected data subjects "without undue delay" when the breach is "likely to result in a high risk to the rights and freedoms of natural persons".
- New and enhanced rights for data subjects, including the right to erasure and enhanced subject access rights.
To learn more, read our latest adviser on the topic, which highlights the implications of the new Regulation and the insurance implications it will bring about.