GDPR | Many organisations still remain non-compliant. Is your business at risk to the GDPR regulation?

Benoît DuvieusartPartner, duvieusart ebel, avocats associés

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “General Data Protection Regulation” or “GDPR”) was approved by the EU Parliament in 2016 and will be directly applicable in all EU Member States as of 25 May 2018.

The GDPR aims at creating a high and uniform level of data protection throughout the EU fit for the digital era. It will give individuals greater control over their personal data as well as additional information on how their data is processed.

The GDPR includes provisions regarding:

  • –  a “right to be forgotten” (when an individual no longer wants his data to be processed, the data may be deleted);

  • –  clear and affirmative consent to the processing of private data by the person concerned;

  • –  Personal data breach notification (obligation for a business to report personal data breaches to the

    supervisory authority and, in some cases, to the data subjects);

  • –  “Privacy by design” (obligation to consider privacy and data protection in the initial phases of designing

    products, systems or processes involving processing personal data) and “privacy by default” (obligation to ensure that, by default, only personal data which is necessary for the specific purpose of the processing is processed);

  • –  significant sanctions (e.g. fines of up to 4% of firms’ global annual turnover) to deter violations of the GDPR.