On 25 May 2018, the General Data Protection Regulation (GDPR) entered into force, which at the EU level harmonizes the standard of personal data protection, including the application of the principles and the sanctioning criteria. The General Data Protection Regulation is binding and directly applicable to all organizations that process personal data, and non-compliance with this regulation represents a financial and reputational risk in an environment that increasingly values personal data
The new regulation, GDPR (General Data Protection Regulation), introduces a number of changes to the rules governing the protection of personal data, such as:
- obligation to apply personal data protection at the design phase (e.g. for IT solutions)
- obligation to maintain a record of processing activities
- obligation to perform a privacy impact assessment
- obligation to notify the data protection authority of data protection breaches
Failure to comply with the provisions of the new regulation may result in the imposition of a financial penalty by the data protection authority (up to EUR 20 million or 4% of annual turnover ).
Stay connected:
