What are the GDPR requirements?

Michael Nadeau | June 30, 2017
Here’s how the General Data Protection Regulation (GDPR) will change how companies process, store and secure EU customer data.

Article 35, impact assessments: Companies must conduct data protection impact assessments to identify risks to EU citizens. Those assessments also must describe how the company is addressing those risks.

Articles 37, 38 and 39, data protection officers: Some companies must appoint a data protection officer (DPO) to oversee data security strategy and GDPR compliance. A DPO is required for companies that process or store large amounts of EU citizen data, process or store special personal data, regularly monitor data subjects, or are a public authority. The International Association for Privacy Professionals (IAPP) estimates that 28,000 DPO roles will need to be filled.

Article 50, international companies: International companies that collect or process EU citizen data must comply with the GDPR.  

Article 83, penalties: Companies may be fined up to €20 million or 4 percent of global annual turnover, whichever is higher.

