Entry into force of the European General Data Protection Regulation
On May 25, 2018 the "General Regulation of European Data Protection" also known as "GDPR," enacted by the Parliament of the European Union on April 14, 2016, will come into force.
One of the major modifications with respect to the current regulation (Data Protection Directive 95/46 / EC) is that it will be applied extraterritorially. The obligated subjects will be all those companies that process personal data of residents of the European Union, whether the companies are inside or outside the European Union.
Among its provision, the most important ones are: (i) the obligation to obtain the consent of data subjects through intelligible and simple to understand forms; (ii) the obligation to notify any data leaks; and (iii) the right of data subjects to: (a) know if and for what purpose they are processing their respective data; (b) the deletion of your personal data when it so requests; and (c) the possibility of downloading all the personal data that it refers to.
The maximum penalty for non-compliance is the payment of 4% of the total annual business volume or 20 million euros, whichever is greater.