On May 4, 2016, was published in the Official Journal of the European Union the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
On May 25, 2018, the transitional period of two years granted for the full implementation of the new rules ends. The organizations have until that date to complete their adaptation and implement the necessary changes.
Significant changes have been introduced. New obligations are imposed on those who are responsible for collect and process data. Non-compliance will be punished with high fines.
The data subjects have increased their rights and, consequently, those responsible for collecting and processing data have increased their obligations.
Concepts such as data portability and “forgetfulness”, pseudonymisation, and the right not to be subject to profiling should be largely dominated.
The new rules regarding obtaining the consent of the data subjects should be known, as well as what to do in case of data breaches and what to take into account in the realization of privacy impact assessments.
Inform yourself about the new rules introduced by this Regulation because only then you understand the impact it will have in your organization.