GDPR - What are the Risks?

GDPR and public Cloud services – a fine waiting to happen

The GDPR enhances the rights and principles already defined in the
Directive and the DPA; however, it also introduces some more significant
changes, such as the following:

Requirement to actively demonstrate compliance and to document
processing activities.

Greater powers for supervisory authorities and increased remedies available to
data subjects. The Office of the Data Protection Commissioner (ODPC) will
have the ability to issue fines for non-compliance of up to €10M or 2% of
global turnover (whichever is greater) for serious breaches and up to €20M
or 4% of global turnover (whichever is greater) for extremely serious
breaches.

Mandatory reporting of data privacy breaches to the appropriate
supervisory authority.

Introduction of ‘privacy by design’ as a concept when developing,
designing, selecting and using applications, services and products that are
based on the processing of personal data.

Requirement to complete Privacy Impact Assessments (PIAs) for change
activity where there is a “high risk to the rights and freedoms” of the data
subject or where processing is likely to be carried out on a large scale.
The ODPC in Ireland has urged organisations to begin preparing for GDPR
without delay and to carry out a review of all current and envisaged
processing activity. This is complemented by guidance from other
supervisory bodies such as the Information Commissioner's Office (ICO) in
the UK, which has advised organisations to consider the following:
the information you hold; awareness and communication; rights of individuals;
data subject access requests; legal basis for processing; consent;
processing of children’s data; data breach reporting; privacy by design and
PIAs; data transfers; and appointment of Data Protection Officers (DPOs).

By Paddy Governey   Jul 16, 2018

Categories: GDPR INFO SEC