With the GDPR the work of compliance and data officers will not become sexier. Companies in the EU area and their lawyers should work on compliance with the new requirements of the General Data Protection Regulation (GDPR), in force as per May 25, 2017. My law firm has prepared clients for the GDPR requirements.
Personal Data in Europe under GDPR
Companies using personal data of European citizens should work on compliance with the new GDPR requirements. Companies should have privacy notices and policies and analyse the legal basis on which personal data is used. Some of the issues the GDPR brings:
- companies outside the EU targeting consumers in the EU will be subject to the GDPR
- data processors have direct obligations to comply with
- data controllers and processors must appoint a Data Protection Officer (the DPO)
- a written record of processing activities carried out on behalf of each controller should be maintained
- consent to processing of someone’s personal data must be as easy to withdraw as to give and must be ‘explicit’ for sensitive data
- data subjects will have a right to object if personal data is processed for direct marketing
- data controllers must notify the DPA of most data breaches; fines of up to 4% of total turnover can be imposed.
Regulation and compliance on data processing have gone to the next level with the GDPR. Compliance and data officers will have extra work to do.