
New EU data protection Regulation will apply in May 2018 - FoeNyx
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
======
FoeNyx
In less than a year, on 2018-05-25, the new regulation will apply to
organizations collecting or processing personal data (name, address, email,
picture, etc.) of EU residents.

It's full of interesting things; here is a quick TL;DR (no guarantee of
exactitude or exhaustiveness):

Obligations for organizations:

• obtain individual's explicit consent (opt-in) for data collection and
processing,

• products and services must be compliant with the principles relating to
personal data processing and protection, by design and by default.

• "pseudonymisation" of personal data (e.g. via encryption),

• obligation to report data breaches (if leaked personal data are not
"pseudonymised")

• appointment of a "Data Protection Officer" for:

  • all public authorities,

  • and organizations whose core activities include large-scale monitoring, or
  that perform certain "risky" data processing operations (on data like
  political, religious, sexual orientations, medical data, etc.)

EU residents will have the rights:

• to object to the use of personal data for the purposes of profiling

• to obtain data portability from one service provider to another

• to request rectification or erasure of personal data related to them

Fines are up to max(€20 million, 4% worldwide annual turnover)

Official documentation available there:
[http://www.consilium.europa.eu/en/policies/data-protection-r...](http://www.consilium.europa.eu/en/policies/data-protection-reform/data-protection-regulation/)

