How does the GDPR change privacy law?

The GDPR provides more privacy rights to EU individuals and places significant obligations on organizations. Some of the key changes are:

  1. Expanded rights for EU individuals: The GDPR gives EU individuals additional rights over their personal data, such as the right to erasure (the "right to be forgotten"), the right to restrict processing, and the right to data portability.
  2. Compliance obligations: The GDPR requires organizations to implement appropriate policies and technical and organisational security measures, conduct data protection impact assessments for high-risk processing, keep records of their processing activities, and enter into written agreements with vendors that process personal data on their behalf.
  3. Data breach notification and security: The GDPR requires organizations to report certain personal data breaches to the supervisory authority (where feasible, within 72 hours of becoming aware of the breach) and, where the breach is likely to result in a high risk to individuals, to notify the affected data subjects. The GDPR also imposes additional security requirements on organizations, such as measures appropriate to the risk, including pseudonymisation and encryption of personal data.
  4. New requirements for profiling and monitoring: The GDPR places additional obligations on organizations that profile EU individuals, monitor their behavior, or make solely automated decisions that have legal or similarly significant effects on them.
  5. One-stop shop: The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by having them work with a single lead supervisory authority for cross-border data protection issues.