On May 25th, the EU will introduce new legislation called the General Data Protection Regulation (GDPR), which will replace the current structure on the handling of data. It will apply to all businesses that supply goods and/or services to EU citizens and therefore handle personal data.
The GDPR contains the following changes:
· Enhanced documentation to be kept by data controllers.
· Enhanced privacy notices.
· More detailed rules regarding ‘consent’.
· Mandatory data breach notification requirements.
· Enhanced data subject rights.
· New obligations on data processors.
· Expanded territorial scope.
· Appointment of Data Protection Officers.
Many of the implications of the new GDPR will affect companies on a commercial level. However, it also has an impact on many areas from an HR/employment perspective, and fines for non-compliance can go up to a maximum of €20 million or 4% of global annual turnover (whichever is greater).