The new European General Data Protection Regulation (GDPR) came into force throughout the European Union on 25th May 2018. The GDPR is replacing existing data protection laws and introduces significant changes and additional requirements that have a wide ranging impact worldwide on the way organizations (and companies) are relying on data.
The legislation aims at changing people’s behaviour with regard to personal data that will have to be treated with much more attention.
The key changes and additional requirements introduced by the GDPR include: keeping records of data processing activities, providing information policies to data subjects, higher standards for consent (primarily for direct marketing which is not applicable to EIGA's activities), strengthening of individuals’ rights to personal data, a new data breach notification obligation, tougher sanctions for non-compliance, etc.
The new Regulation requires organizations to be transparent and inform data subjects on how their personal data is processed. Privacy notices should be drafted or updated in order to include all the mandatory information required by GDPR.
You can find links to these three Policies in the footer of each website page and we strongly encourage you to read them. The following links will also take you directly to the Policies: