menu close NewsContact Us search close
Global Site close
  • Americas
  • Asia Pacific
  • Europe
  • Middle East and Africa
ArgentinaArubaBahamasBarbadosBoliviaBrazilCanadaCayman IslandsChileColombiaCosta RicaCuracaoDominican RepublicEcuadorEl SalvadorGuatemalaHondurasMexicoPanamaParaguayPeruPuerto RicoSaint MartinSurinameUnited StatesUruguayVenezuela
AfghanistanAustraliaCambodiaChinaFrench PolynesiaHawaiiHong KongIndiaIndonesiaJapanMacauMalaysiaMaldivesMongoliaMyanmarNepalNew ZealandPakistanPhilippinesSingaporeSouth KoreaSri LankaTaiwanThailandVietnam
AlbaniaAndorraArmeniaAustriaAzerbaijanBelgiumBulgariaCroatiaCyprusCzech RepublicDenmarkEstoniaFinlandFranceGeorgiaGermanyGreeceHungaryIrelandItalyKazakhstanLatviaLiechtensteinLithuaniaLuxembourgMaltaMoldovaNetherlandsNorwayPolandPortugalRomaniaSerbiaSlovakiaSloveniaSpainSwedenSwitzerlandTajikistanTurkeyUkraineUnited KingdomUzbekistan
AlgeriaAngolaBahrainCameroonCentral African RepublicCôte d’IvoireEgyptGhanaIraqJordanKenyaKuwaitLebanonLiberiaMaliMauritiusMoroccoMozambiqueNigeriaOmanQatarSaudi ArabiaSenegalSeychellesSierra LeoneSouth AfricaTanzaniaTogoTunisiaUgandaUnited Arab EmiratesYemenZimbabwe
Services
close Services
Tax
Services
Sectors
close Sectors
Sectors
Insights
close Insights
Insights
About Us
close About Us
About Us
Careers
close Careers
Careers
NewsContact Us
search close
Five key changes introduced by EU General Data Protection Regulations (GDPR)

Five key changes introduced by the EU General Data Protection Regulation (GDPR)

22/05/2017
Five key changes introduced by EU General Data Protection Regulations (GDPR)

The top 5 changes from the current legislation (Data Protection Acts 1988 and 2003) are:

1. Tougher sanctions for non-compliance
Failure to comply with the statute can result in heavy fines and restitution—upwards of 4% of your global revenue or €20m, whichever is higher (Article 83(5) of the regulation); Supervisory Authority not required to impose fines but must ensure sanctions imposed are effective, proportionate and dissuasive.

2. More individual rights
The regulation makes it considerably easier for individuals to bring private claims against data controllers and processors.

The regulation also gives people the right to have their personal data corrected if inaccurate, expands their right to remove irrelevant or outdated information and outlines the 'right of erasure' or right to be forgotten.

3. Concept of Accountability
The regulation introduces the concept of accountability. It requires organisations to demonstrate (and, in most cases, document) the ways in which they comply with data protection principles when transacting business.

4. Wider scope
Even if an organisation is not established within EU, it will still be caught by GDPR if it processes personal data of data subjects who are in the EU.

5. Mandatory breach notifications
You must notify the Data Protection Commissioner within 72 hours where breach is likely to result in a risk to the rights and freedoms of a natural person. You must also notify the data subject of the breach unless the breach is unlikely to result in a risk to the rights and freedoms of a natural person and appropriate technical and organisational protection was in place at the time of the incident. If in doubt – report it.

To find out how we can help you with your data protection requirements, contact a member of our Data Protection team.


Contact us:

Data Protection team
Roseanna O'Hanlon, Partner, Audit - Crowe Ireland
Roseanna O'Hanlon
Partner, Audit
+353 1 448 2200
View profile
Data Protection team