GDPR applies to any business processing data of EU citizens regardless of where the business or data is located.
The scope of data covered under the regulation is greater than that of preceeding legislation.
Both data controllers and data processors have new responsibilities.
Subjects need to be informed of data held about them in a clear and concise manner.
The processing of sensitive data requires increased governance and control.
All businesses handling EU subjects' data need to be able to demonstrate compliance with the legislation.
Large businesses need to keep records of all processing activities and should ideally appoint a Data Protection Officer
Fines of up to 4% of annual business turnover can be imposed for serious contravention of the legislation.
Disclosure of data security breaches are mandatory.