GDPR The General Data Protection Regulation
Penalties for non-compliance
The GDPR provides supervisory authorities with wide-ranging powers to enforce compliance, including the power to impose significant fines. You may face fines of up to €20m or 4% of your total worldwide annual turnover of the preceding financial year. In addition, data subjects can sue you for pecuniary or non-pecuniary damages (i.e. distress).
Mandatory breach notification
Organisations must notify the supervisory authority of data breaches without undue delay or within 72 hours, unless the breach is unlikely to be a risk to individuals. If the risk to individuals is high, they must be informed immediately.
Consumer consent to process data must be freely given and for specific purposes only. Consent must be explicit in the case of sensitive personal data or trans-border data flows.
Customers must be informed of their right to withdraw their consent at any time.