
2020-02-17 - GDPR

The fines for this are huge, on the scale of billions.

Went into effect in 2016

The EU has different laws:

“GDPR applies to companies based in the EU and companies who have EU citizens as customers”

So, even though the UK is leaving the EU, UK companies may still be bound by GDPR.

If you get arrested, your mugshot will be scraped by websites that demand payment to take them down. This is bad.

GDPR says people should have the ‘right to be forgotten’. This used to exist, but no longer.

GDPR addresses ‘processing personal data’ of subjects who live within the European economic area.

Processing includes storage.

GDPR also regulates the export of data out of the EU.

Compliance

Controllers and processors of personal data must “put into place appropriate technical and organizational measures” to implement data protection principles.

Systems must be designed with privacy in mind.

No personal data may be processed unless it falls under one of these conditions:

Other requirements

There must be a Data Protection Officer responsible for GDPR compliance.

Data breaches must be disclosed within 72 hours if they have an adverse effect on user privacy.

The time from breach to notification averages 6 to 7 months in the US.

Lab preview