Based on the new regulation:
Individuals (consumers, clients, suppliers, employees) have increased rights compared to the past, the exercise of which can pose a challenge and divert unprepared businesses from their daily operations.
The way personal data is collected and the way individuals are informed about it is changing.
The business will not be able to ignore requests from individuals and will not only have to respond to them within tight deadlines, but also have designed internal processes and policies aimed at protecting them.
The supervisory authority for compliance with the Regulation will now have the freedom and authority to independently approach any business and conduct inspections regarding the company's compliance with the provisions of the Regulation. In the past, a complaint was required for the supervisory authority to initiate inspections.
The undertaking shall bear the burden of proof regarding its compliance with the provisions of Regulation
The supervisory authority of our country will be subject to the European Commission, to which it will provide reasoned reports regarding violations and findings it makes, etc., which means that the same violation, whether it occurs in France, Germany, or Greece, will be treated equally by the European Commission.
In case of theft or destruction of personal data files, the business has an obligation to take action both towards the supervisory authority and, on a case-by-case basis, towards the affected individuals involved in the incident.
Compliance with the provisions is not a one-off (i.e. the actions were done once and nothing else is needed) but should be checked every year.
Depending on the violation that is identified, there may be different fines imposed, the amount of which can create a serious problem for the respective company.
For a certain number of employees and above, there is an obligation for the company to maintain records of personal data, where specific information will be included.
The Data Protection Officer (DPO) becomes part of the business's operations.
The most important thing of all is the reputation that will follow a company in the industry it operates in, in the event that any of the violations specified in the Regulation are identified, along with the procedures it must follow in order to prove its respective position.