EU data protection regulation: what you need to know
The General Data Protection Regulation (GDPR) [...] represents a dramatic departure for EU regulators from the previous directive on data protection...
In recent decades, the arrival of the internet and the advent of mass data processing and analytics enabled EU citizens to generate vast quantities of data through browsing behaviour, social media and buying and selling online...
In drafting the GDPR, the EU is essentially [...] advertising itself as the leading global watchdog in the establishment of a new order with respect to the data rights of citizens.
One of the most significant changes within GDPR is its “expanded territorial scope”...
The new regulations also expand the material scope of data privacy. The definition of what constitutes “personally identifiable data” is being extended...
The GDPR is accompanied by an enforcement regime...; failure to comply is a not an option.
For businesses, GDPR will bring a number of operational requirements. Workplaces will need to implement new business processes such as privacy impact assessments, allocate new responsibilities such as data-protection officer and heed specific rules governing breach notification...
They will also need to have in place a protocol for dealing with subject access requests... Under GDPR individuals can invoke new rights, including erasure of personal data, correction of records, and even requests for data in accessible formats...
Companies [...] can inform themselves of their obligations and their employees’ rights by visiting the website of the Data Protection Commissioner (dataprotection.ie)