Skip to main content

What are the main changes in the GDPR?

The main changes in the GDPR are:

  • that the legislation is now technology neutral, so it applies to personal data held in any format whether paper or electronic, held in files, on laptops, phones, cameras, video tapes, audio recordings, emails, cloud storage, etc
  • the definition of Personal Data has changed to include location data and online identifiers
  • the definition of Sensitive Personal Data has been extended to include genetic and biometric data but only for the purpose of uniquely identifying a living individual
  • the term Sensitive Personal Data itself changes to Sensitive Category Data (SCD)
  • that data subject rights are extended and improved
  • the requirement to know and state – in fair processing notices – the lawful basis for all types of processing of personal and sensitive personal data, and for this to be made clear at all times
  • the introduction of compulsory data breach notification
  • increased fines for data, and notification, breaches
  • the requirement for transparency and accountability
  • increased responsibility of data processors for data processing.