The Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data, abbreviated to General Data Protection Regulation (GDPR), was adopted in April 2016. In order to comply with the new regulations that will apply to the whole EU, businesses will face the necessity of implementing numerous legal and organizational changes.
Organizations whose business activities rely mostly on processing personal data will find preparations for the new regulations all the more essential as:
- the definition of personal data, including identifying of the person related to the data, will be much broader,
- automated processing of personal data will be permitted under certain conditions,
-
the legal rights of the individual will be increased considerably,
- personal data processors, controllers and Data Protection Officers will have many new obligations related to providing technical and organizational protection of personal data,
- administrative fines for non-compliance with the Regulation can reach 20 million euros or 4% of an organization’s annual worldwide turnover. Moreover, individuals will have the right to judicial redress and claim compensation beyond the statutory fines.
Businesses need to prepare for the new regulations to avoid the substantial penalties and to treat them not as obstacles but as an opportunity to make their activities more effective.
