GDPR Financial Penalties - Increased Fines
One of the biggest impacts for businesses is that the penalties for failing to comply with the legislation can be very hefty fines. Under the Data Protection Act, security breaches could result in fines of up to £500,000. Under the GDPR, this will increase to a maximum of €20 million, or 4% of annual global turnover.
The right of access
Under GDPR, customers of any business or organisation will have the right to access any personal information held about them. They can also ask to be ‘forgotten’ if they withdraw consent for their data to be used, which means companies will have to securely delete their data.
GDPR Breach Notifications & Faster Reporting
GDPR gives companies a much smaller window for reporting data breaches to their customers and the authorities. Any security breach likely to result in ‘a risk for the rights and freedoms of individuals’ must be reported within 3 days. Data processors will also have to inform their clients (the data controllers) immediately after becoming aware of a data breach.
Personally Identifiable Information (PII Data)
The definition of PII data (personally identifiable information) is being expanded under GDPR to include IP addresses, genetic information (DNA), social media posts, photos, and more.
Opt In, Not Out - Explicit Consent Required
Companies will no longer be able to use pre-ticked or opt-out options to obtain consent to process customer data. A clear, positive opt-in tick-box must be used.