European Union’s General Data Protection Regulation (GDPR) will come into effect in May 2018. The regulation put strong emphasis on data privacy and accountability of the businesses. Following are the key highlights of this regulation:
1. Data Controllers will be accountable to demonstrate compliance with the GDPR. They need to implement appropriate technical and organizational measures to ensure data protection by design and by default
2. Certain organizations may need to appoint a data protection officer
3. Organizations need explicit consent from natural person/Data subject for processing personal sensitive data.
4. Data Subject will have the right to withdraw consent
5. Controllers need to notify about the breach without delay and within 72 hours
6. Administrative fines up to 20 million EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.