The GDPR (General Data Protection Regulation) is designed to protect the privacy of all EU citizens, and it will change the way organizations store and use EU citizens’ data. Failure to meet the requirements of GDPR could also turn out to be expensive. Here is a summary of the penalties as they apply to the articles in GDPR.
Penalty: Maximum penalty up to 4% of annual global turnover or €20 million, whichever is greater
Articles in GDPR:
5 – Principles relating to processing of personal data
6 – Lawfulness of processing
7 – Conditions for consent
9 – Processing of special categories of personal data
12 – Transparent information, communication and modalities for the exercise of the rights of the data subject
13 – Information to be provided where personal data are collected from the data subject
14 – Information to be provided where personal data have not been obtained from the data subject
15 – Right of access by the data subject
16 – Right to rectification
17 – Right to erasure (‘right to be forgotten’)
18 – Right to restriction of processing
19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing
20 – Right to data portability
21 – Right to object
22 – Automated individual decision-making, including profiling
Penalty: Maximum penalty up to 2% of annual global turnover or €10 million, whichever is greater
Articles in GDPR:
8 – Conditions applicable to child’s consent in relation to information society services
11 – Processing which does not require identification
25 – Data protection by design and by default
26 – Joint controllers
27 – Representatives of controllers or processors not established in the Union
28 – Processor
29 – Processing under the authority of the controller or processor
30 – Records of processing activities
31 – Cooperation with the supervisory authority
32 – Security of processing
33 – Notification of personal data breach to the supervisory authority
34 – Communication of a personal data breach to the data subject
35 – Data protection impact assessment
36 – Prior consultation
37 – Designation of the data protection officer
38 – Position of the data protection officer
39 – Tasks of the data protection officer
42 – Certification
43 – Certification bodies
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.