1 comment

[ 2.6 ms ] story [ 13.8 ms ] thread
In less than a year, on 2018-05-25, the new regulation will apply to organizations collecting or processing personal data (name, address, email, picture, etc) of EU residents.

It's full of interesting things, here a quick TL;DR (no guarantee of exactitude or exhaustiveness)

Obligations for organizations :

• obtain individual's explicit consent (opt-in) for data collection and processing,

• products and services must be compliant with the principles relating to personal data processing and protection, by design and by default.

• "pseudonymisation" of personal data (e.g. via encryption),

• obligation to report data breaches (if leaked personal data are not "pseudonymised")

• appointment of a "Data Protection Officer" for :

• all public authorities,

• and organizations whose core activities include large-scale monitoring, or perform certain "risky" data processing operations (on data like political, religious, sexual orientations, medical data, etc)

EU residents will have the rights:

• to object the use of personal data for the purposes of profiling

• to obtain data portability from one service provider to another

• to request rectification or erasure of personal data related to them

Fines are up to max(€20 million, 4% worldwide annual turnover)

Official documentation available there : http://www.consilium.europa.eu/en/policies/data-protection-r...