GDPR Overview

Napthens - August 17th 2017

By way of a high-level overview, the GDPR will focus on whether organisations are practically compliant, and presents:

  • greater rights for data subjects, both in their ability to make an access request and in control over their data, which can be summarised as “delete it, freeze it and correct it”
  • a greater importance on the legal basis for processing data
  • a focus on transparency in the provision of information
  • stricter conditions for obtaining consent from a data subject for processing
  • consequently a greater importance in adequately establishing a legitimate interest condition
  • pressure on business to strike a balance between providing data subjects with significantly more information and presenting it in a format which is concise, in plain language and easily accessible
  • an obligation on certain sectors to appoint a Data Protection Officer (“DPO”)
  • a tightening up of the rules in relation to data processors, rendering the processor directly liable for any compliance failure
  • notification obligations on those who commit a breach
  • tougher penalty regimes for non-compliance