2. What is the impact of GDPR?
The GDPR is an evolution of existing data protection regulations. The main changes that you should be mindful of are outlined below.
• New Privacy notices will be needed which outline who you are, what you are going to do with the personal data you are given, and what grounds you rely on for processing it.
• Consent conditions strengthened significantly – Consent must be informed, explicit and managed and consent can be withdrawn
• Data breaches must be notified within 72 hours of discovery
• Individuals right of access to their data expanded and can request erasure or correction
• Right to be forgotten
• Subject Access requests will be supplied free of charge, in shorter timescale & in portable format
• Data protection requirements passed down the supply chain.
• Data Protection Officer post mandatory for all public authorities
• Serious breaches of the legislation could lead to fines of up to 20 million euros