Organisations will have to think harder about privacy.
The regulation mandates a “Risk Based Approach”, in which appropriate organisational controls must be developed according to the degree of risk associated with the processing activities.
Where appropriate, privacy impact assessments must be made – with the focus on protecting data subject rights.
Data protection safeguards must be designed into products and services from the earliest stage of development – Privacy by Design.
Privacy-friendly techniques such as pseudonymisation will be encouraged to reap the benefits of big data innovation while protecting privacy.
There is an increased emphasis on record keeping for controllers – all designed to help demonstrate and meet compliance with the regulation and improve the capabilities of organisations to manage privacy and data effectively. There is an exclusion for small businesses (fewer than 250 staff) where data processing is not a significant risk.