The General Data Protection Regulation (GDPR) takes effect on May 25, 2018. The GDPR will implement more stringent operational requirements for processors and controllers of personal data, including, for example:
- expanded notices about how personal information is to be used,
- limitations on retention of personal data,
- increased requirements to delete or hand over an individual's information upon request,
- mandatory data breach notification requirements,
- requirements to maintain records of data processing activities and transfers of personal data, and
- higher standards for data controllers to demonstrate that they have obtained valid consent for certain data processing activities.
Compliance with GDPR is especially important given the potential fines (up to EUR 20 million or 4% of a business's worldwide annual turnover) that can be imposed for breaches.
Read our FAQ's to learn more:
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.