We have identified the key changes of GDPR which entities will need to prioritise when adapting their strategies and compliance processes:
- Right to be Forgotten - The public will be able to demand the right to have their personal data deleted and destroyed by organisations.
- Data Portability - An individual shall have the right to receive their personal data concerning them, and have the right to transmit the data to another entity without hindrance from the original entity.
- Greater access to Data - GDPR gives people new rights over their personal data, which can be used against organisations in court.
- New powers for Data Protection Enforcers - Regulators will have considerable new powers, enabling them to intervene more readily in entities operations, and have the authority to impose harsher fines for non compliance.
- Power Shift - With the sweeping changes to the laws, informed customers will be emboldened to pursue complaints before regulators.