What is GDPR?
“The EU General Data Protection Regulation has three purposes. First, it updates the law in the light of how we use data today. Second, it aims to achieve greater harmony of data laws across the EU. Third, it seeks to export EU standards of protection wherever EU citizens’ data ends up. GDPR preserves many existing requirements such as that data processing must be fair and lawful, data can be transferred locally or internationally but must be kept safe and individuals can get access to their data and have it corrected. It also introduces a number of changes including tougher consent requirements, data protection to be baked in to systems and processes by “design & default”, mandatory breach notification, data portability and of course the notorious right to be forgotten. This is coupled with a massive jump in fines of up to €20m or 4% of global turnover for the most egregious breaches. GDPR becomes enforceable on 25 May 2018.”
Frank Jennings, Commercial & Cloud Lawyer at Wallace LLP, Host of “Technology and the Law with Frank Jennings”.