Control over personal data is shifting back to data subjects, as the GDPR puts a great emphasis on data subject rights and requests.
What is GDPR?
The General Data Protection Regulation is the latest European data privacy law that aims at changing the way EU citizens’ personal data is collected, processed and stored, transferring the power over personal data from companies to data subjects.
A person’s identity is no longer just a set of randomly floating data; the new law provides power, control and consent over the shared data.
According to the GDPR, consent must be obtained from data subjects before companies can collect any personal identifying information. It also brings a new perspective on consent management, in which the liberty to withdraw consent must be granted at any moment.
Even though the first step towards GDPR compliance is awareness and a thorough understanding of what changes the regulation has brought, acknowledging its impact over your organisation is the starting point towards compliance.