The GDPR (General Data Protection Regulation) is designed to protect the privacy of all EU citizens and this will change the way the organizations store and use EU citizens’ data. Failure to meet the requirements of GDPR could also turn out to be an expensive expense. Here is summary of the penalty as it applied to articles in GDPR.
Penalty: Maximum penalty up to 4% of annual global turnover or €20 million, whichever is greater
Articles in GDPR:
5 – Principles relating to processing of personal data
6 – Lawfulness of processing
7 – Conditions for consent
9 – Processing of special categories of personal data
12 – Transparent information, communication and modalities for the exercise of the rights of the data subject
13 – Information to be provided where personal data are collected from the data subject
14 – Information to be provided where personal data have not been obtained from the data subject
15 – Right of access by the data subject
16 – Right to rectification
17 – Right to erasure (‘right to be forgotten’)
18 – Right to restriction of processing
19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing
20 – Right to data portability
21 – Right to object
22 – Automated individual decision-making, including profiling
Penalty: Maximum penalty up to 2% of annual global turnover or €10 million, whichever is greater
Articles in GDPR:
8 – Conditions applicable to child’s consent in relation to information society services
11 – Processing which does not require identification
25 – Data protection by design and by default
26 – Joint controllers
27 – Representatives of controllers or processors not established in the Union
28 – Processor
29 – Processing under the authority of the controller or processor
30 – Records of processing activities
31 – Cooperation with the supervisory authority
32 – Security of processing
33 – Notification of personal data breach to the supervisory authority
34 – Communication of a personal data breach to the data subject
35 – Data protection impact assessment
36 – Prior consultation
37 – Designation of the data protection officer
38 – Position of the data protection officer
39 – Tasks of the data protection officer
42 – Certification
43 – Certification bodies
