- Personal data of anyone in the EU (any natural person, regardless of citizenship; GDPR does not cover data about companies or other legal entities) may only be processed or shared on a lawful basis. Consent is one such basis, alongside contract, legal obligation, vital interests, public task and legitimate interests. Where consent is relied on it must be freely given, specific, informed and unambiguous: burying it in the Terms & Conditions or using a pre-ticked privacy checkbox does not count. "Explicit" consent in the strict sense is required for special-category data such as health, biometric or political data
- The controller must be able to demonstrate that consent was obtained, so records of who consented, to what, how and when, and when (if ever) it was withdrawn must be kept
- A personal-data breach must be reported to the supervisory authority within 72 hours of the controller becoming aware of it, and to the affected individuals without undue delay when the breach is likely to put them at high risk. A processor that detects a breach must notify its controller without undue delay, so the 72-hour clock is effectively shared across the supply chain
- It applies as directly binding law across the whole EU (and the EEA), and also to organisations outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU
- Consent can be withdrawn at any time, and withdrawing it must be as easy as giving it; the controller, and any processor acting on its behalf, must stop the consent-based processing once it is withdrawn
- There is a right to erasure (the "right to be forgotten"). If someone tells a controller "FORGET ME", it must delete their personal data without undue delay unless a legal exception applies (for example data it is legally required to retain, or data needed to establish or defend legal claims). The obligation covers every place the data is stored or processed, including copies held by processors, and the controller must pass the erasure request on to other recipients it has shared the data with
- GDPR does not distinguish between environments: it applies wherever personal data of people in the EU is processed, so a test or pre-production system that holds unmasked (or merely pseudonymised) production data is in scope exactly like production. Only data that has been properly anonymised, so that the individual can no longer be identified, falls outside the regulation
- https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/