
European General Data Protection Regulation (GDPR) in 1 minute

Countdown to compliance deadline: 25 May 2018

Territorial scope

- EU based organisations that collect or process the personal data of EU residents.
- Organisations outside the EU that monitor behaviour or offer goods and services to EU residents.

Personal data
A wider definition of personal and sensitive data. 
Includes online identifiers, genetic and biometric data.

Cookies, IP address, Health, Biometric, Genetic

Data processors

GDPR applies directly to service providers that process personal data on behalf of an organisation.

- Cloud services
- Call centers
- Payroll services

Strengthens the privacy rights of individuals


Valid consent: Stricter rules for obtaining consent as a legal basis for processing.

Transparency: The right to clear information over what data is collected and how it is processed.

Correction: The right to rectify inaccurate personal data.

Erasure: The right in certain cases to have personal data erased.

Data portability: The right to move personal data from one service provider to another.

Automated processing: The right not to be subject to a decision based solely on automated processing.

The obligations on organisations

Accountability: Demonstrate compliance by maintaining a record of all data processing activities.

Data protection impact assessment (DPIA): Mandatory if the processing activity is likely to result in a high risk to the rights of individuals.

Data security: Keep personal data secure through "appropriate technical and organisational measures."

Data breaches: Report data breaches to the regulator within 72 hours.

Data protection officer: Mandatory if:
- public authority
- monitoring individuals on a large scale
- processing sensitive data
and good practice for others.

Data transfer: Transfer of personal data outside the EU only allowed if appropriate safeguards are in place.

The costs of non-compliance

- Fines of up to €20 million or 4% global turnover.
- Compensation claims for damages suffered.
- Reputational damage and loss of consumer trust.

The one-stop shop for GDPR compliance

Books, Training, Toolkits, Consultancy, Staff awareness

For more information

UK: itgovernance.co.uk, +44 (0)845 070 1750
Europe: itgovernance.eu, 00 800 48 484 484
North America: itgovernanceusa.com, +1 877 317 3454
Asia-Pacific: itgovernance.asia, 00 800 48 484 484
