Module 19 2021

01/06/2021

GDPR – 2016/679 General Data Protection Regulation

What is required • Consent requirements tougher – specific not generic, clear plain language. Easy to withdraw consent. • Pseudonymous data remains personal data regardless of the number and nature of steps taken to key code • Genetic data derived from biological samples are personal data. • Right to be forgotten • Data Portability

23

GDPR – 2016/679 General Data Protection Regulation

• Technical standards • Commission can issue technical standards related to implementation of GDPR requirements • Mandatory Privacy Officer • Fines and Penalties for breach • Up to 4% of annual worldwide turnover for serious breaches • Up to 2% of annual worldwide turnover for other breaches • Privacy by design is now a legal requirement no longer just best practice

24

12