Under the new rules 

  • Individuals will have more information on (and control over) how their personal data is processed – data protection must be “by default” and “by design” for products and services and include adequate “affirmative consent”
  • Personal data will be portable, so it can be moved more easily between different organisations
  • The “right to be forgotten“ is clarified under the GDPR
  • Companies will have a greater level of accountability for managing data. This includes the obligation to inform national supervisory bodies of serious data breaches quickly, so appropriate remediation measures can be taken
  • Data protection authorities will be able to fine companies that do not comply up to 4 percent of global annual turnover