6
GDPR
Risk & impact
assessment
Privacy
by design
Breach
notication
Right to
be forgotten
Data
portability
Consent
Under the GDPR, individuals have a host of new
rights, including the right to be forgotten, which
means their personal data will be removed from
an organization's system. They have the right
to request that their PII not be processed for
direct marketing.
To increase transparency, the regulation
includes mandatory breach reporting rules that
require organizations report a breach within
72 hours of detection. In addition, the GDPR
sets out new record-keeping requirements for
managing, modifying, storing, and analyzing PII.
What does the GDPR cover?