The EU’s new data protection rules will impact every entity that holds or uses European personal data both inside and outside of Europe, according to legal experts
Key changes to EU data protection introduced by the GDPR
- More rigorous requirements for obtaining consent for collecting personal data.
- Raising the age of consent for collecting an individual’s data from 13 to 16 years old.
- Requiring a company to delete data if it is no longer used for the purpose it was collected.
- Requiring a company to delete data if the individual revokes consent for the company to hold the data.
- Requiring companies to notify the EU government of data breaches in 72 hours of learning about the breach.
- Establishing a single national office for monitoring and handling complaints brought under the GDPR.
- Firms handling significant amounts of sensitive data or monitoring the behviour of many consumers will be required to appoint a data protection officer.
- Fines up to €20m or 4% of a company’s global revenue for its non-compliance.