Under the new rules 

  • Individuals will have more information on (and control over) how their personal data is processed – data protection must be “by default” and “by design” for products and services and include adequate “affirmative consent”
     
  • Personal data will be portable, so it can be moved more easily between different organisations
     
  • The “right to be forgotten“ is clarified under the GDPR
     
  • Companies will have a greater level of accountability for managing data. This includes the obligation to inform national supervisory bodies of serious data breaches quickly, so appropriate remediation measures can be taken
     
  • Data protection authorities will be able to fine companies that do not comply up to 4 percent of global annual turnover