What changes has the GDPR brought?

The GDPR is a new regulation designed to secure the personal data rights of EU residents. It imposes new rules on organisations that govern how they process and store personal data. The GDPR also provides individuals with certain rights over their personal data, including the rights to access, correct and delete personal data.

  • Personal privacy
  • Transparent policies
  • Controls and notifications
  • IT and training
  • Individuals have the right to:

    • Access their personal data
    • Correct errors in their personal data
    • Erase their personal data
    • Object to processing of their personal data
    • Export personal data
  • Processors are required to:

    • Provide clear notice of data collection
    • Outline processing purposes and use cases
    • Define data retention and deletion policies
  • Processors will need to:

    • Protect personal data using appropriate security practices
    • Notify authorities within 72 hours of breaches
    • Receive consent before processing personal data
    • Keep records detailing data processing
  • Processors will need to:

    • Train privacy personnel & employees
    • Audit and update data policies
    • Employ a Data Protection Officer (only required by those meeting certain criteria)
    • Create & manage processor/vendor contracts