The GDPR will replace the older EU Data Protection Directive and take effect in May 2018. GDPR stands for the European Union General Data Protection Regulation.
The GDPR applies to all EU organizations, whether commercial business or public authority, that collect, store or process the personal data of EU individuals.
Organizations based outside the EU that monitor or offer goods and services to individuals in the EU will have to observe the new European rules and adhere to the same level of protection of personal data.
UK organizations handling personal data still need to comply with the GDPR, regardless of Brexit. The government has confirmed that GDPR will apply in the UK.
Fines: The GDPR allows DPAs to fine companies up to 4% of their international revenue or €20 million, whichever is greater.
Key Aspects of GDPR
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Focus Area – High-Level Approach
- GAP Analysis
- Policies, Data Privacy Impact Assessment
- Guidance in implementing technical
GDPR – Deliverables
- GAP Assessment Report
- Data Privacy Impact Assessment Report
- Policies for GDPR
- Privacy Governance Framework
- Audit Report