GDPR has brought substantial changes to data protection rules
Data protection principles under GDPR
Lawfulness and transparency
of personal data
Secure personal data against theft, loss, misuse or any other unlawful processing through appropriate information security measures (technical, personnel and organisational).
Maintain internal documentation, including records of processing activities. Build privacy into processes, services and products by design and by default. For high-risk processing, carry out a data protection impact assessment (DPIA) before the processing starts.
Notify the supervisory authority of a personal data breach that is likely to pose a risk to individuals within 72 hours of becoming aware of it; where the risk to individuals is high, also notify the affected individuals directly without undue delay.
Data protection officer
A data protection officer (DPO) supports the organisation's data protection compliance. A DPO is required where the core activities involve regular and systematic monitoring of data subjects on a large scale, or large-scale processing of special categories of data (e.g. health-related data). A DPO is also mandatory for public authorities and bodies.
Breaching the data protection obligations may result in significant fines of up to €20 million or 4 % of the company's worldwide annual turnover, whichever is higher.