It is important that you understand and are aware of the key GDPR changes and how to implement GDPR. To help you understand, here are some key points.
GDPR applies to all companies that process personal data of people who are residing in the Union, no matter where the company is located.
You must give data subjects more information when collecting their personal data.
There are now new regulations for gaining consent to collect personal data. Consent and explicit consent now require a clear affirmative action.
The age barrier for collecting data is now 16, not 13.
You must delete data that you are not using for its original purpose.
People are now able to revoke their consent to data processing at any time, and it must be easy for them to do this.
You have 72 hours to notify regulators of any data breach, unless the breach is unlikely to result in a risk to data subjects.
There is a single national office for complaints.
Data controllers must appoint a Data Protection Officer.
If you don’t comply with GDPR, you could face fines up to £18,000,000 or up to 4% of your annual turnover for the financial year.
GDPR applies to businesses with under 250 employees if you are processing data that is likely to result in risk to the rights of the data subjects, if the processing is frequent, or if special categories are included.