The new rule on data protection entered yesterday, (25 / 05), in force and began to be automatically applied to all citizens and in all Member States of the European Union (EU). The new rule aims to strengthen people's rights.
The General Data Protection Regulation (RGPD) strengthens citizens' rights and introduces sanctions which can, in the most serious cases, be up to 20 million or 4% of annual worldwide turnover, whichever is the greater high.
In less serious cases of breach of personal data, penalties may be up to EUR 10 million or 2% of annual worldwide turnover. Citizens have to give explicit consent for their personal data to be used - and for what purpose - and to know that they can ask to be erased at any time.
The Regulation requires all security breaches that result in a risk to the rights of the rightholder to be communicated to the supervisory authority as well as to the data subjects.
The Regulation stresses the need to evaluate future data-processing projects in good time and accuracy in order to data protection and take appropriate measures to mitigate those risks.
