In less than a year, on 2018-05-25, the new regulation will apply to organizations collecting or processing personal data (name, address, email, picture, etc) of EU residents.
It's full of interesting things; here is a quick TL;DR (no guarantee of exactitude or exhaustiveness).
Obligations for organizations:
• obtain the individual's explicit consent (opt-in) for data collection and processing,
• products and services must be compliant with the principles relating to personal data processing and protection, by design and by default,
• "pseudonymisation" of personal data (e.g. via encryption),
• obligation to report data breaches (if the leaked personal data are not "pseudonymised"),
• appointment of a "Data Protection Officer" for:
  • all public authorities,
  • and organizations whose core activities include large-scale monitoring, or that perform certain "risky" data processing operations (on data like political or religious views, sexual orientation, medical data, etc.).
EU residents will have the rights:
• to object to the use of personal data for the purposes of profiling,
• to obtain data portability from one service provider to another,
• to request rectification or erasure of personal data related to them.
Fines are up to max(€20 million, 4% of worldwide annual turnover).
Official documentation available here: http://www.consilium.europa.eu/en/policies/data-protection-r...