The General Data Protection Regulation (GDPR) is a new data protection law framework that affects all organizations imposing strict rules on those hosting and processing the data of European Union (EU) citizens.
Data Subjects Rights
Data Subjects (DS) refers to all natural persons whose personal data (PD) is processed by a controller or processor in line with GDPR art. 3.
Right to be informed
Right of access
Right to Rectification
Right to Erasure (Right to be Forgotten)
Right to Restriction of Processing
Right to Object
Right to Data Portability
PD breach communication
All the above DS rights are translated into implementation requirements for all organizations that store and process the data of European Union (EU) citizens. EU Commission explains data subject rights to EU citizens through this infographic.
Consequences of failing to comply with GDPR
If an organization infringes on multiple provisions of the GDPR, it shall be fined according to the gravest infringement. Depending on the degree of gravity of the infringement the following fines are to be expected:
Lower Level: Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements if it is determined that non-compliance was related to technical measures such as impact assessments, breach notifications and certifications (Articles 8, 11, 25-39, 41(4), 42, 43).
Upper Level: Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements in the case of non-compliance with key provisions of the GDPR. Examples that fall under this category are non-adherence to the core principles of processing personal data, infringement of the rights of data subjects and the transfer of personal data to third parties or international organizations that do not ensure an adequate level of data protection (Articles 5, 6, 7, 9, 12-22, 44-49, 83.6 and "Any obligations pursuant to Member State law adopted" under Chapter IX).
Read more about the Rules For Organisations and Rights For Citizens here.