There are two strands to the legislation: the GDPR (General Data Protection Regulation), which governs the general use and privacy of EU citizens’ data, and the Data Protection Directive, which governs its use by law enforcement.
The laws cover all EU Member States and affect all companies which are active in the EU market and offer their products and services to EU citizens. Offending companies could face fines as high as four percent of worldwide annual turnover. Due to this, we feel security is not a nice thing to have but every business should have something in place.
Key sections in the new laws include the expansion of liability to cover data processors as well as data controllers; extension of the ‘Right to Be Forgotten’ – removing data which is deemed irrelevant or outdated and including the right of a consumer to stop a marketing company from profiling them; strengthening of requirements to give consent; establishment of a Centralized Supervisory Authority within each EU Member State; and the need for any public authority which processes data, and any company whose core activity consists of processing, to employ a data protection officer.