Who will be affected by GDPR?
If you're a business that holds and stores personal data, then you need to be aware of GDPR and its requirements, especially as the definition of sensitive personal data has expanded to include genetic and biometric identity.
How will it affect your business?
When a consumer requests access to their data, businesses will no longer be able to charge a fee for doing so, and will have 40 days to disclose information.
The most important factor that businesses need to be aware of is the large increase in fines for non-compliance. Organisations face fines of up to €20 million, or 4% of their annual turnover, whichever is greater.
Plus, businesses will have 72 hours to disclose a serious data breach to the relevant authority (in the UK, that's the Information Commissioner's Office) as well as the victim of the breach. Failing to notify a breach will carry a fine of up to €10 million, or 2% of revenues.