Here’s a fresh truth bomb (photo from Pixabay.com)

10 reasons why the GDPR is the opposite of a ‘notice and consent’ type of law

A ‘notice and consent’ privacy law puts the entire burden of privacy protection on the person and then it doesn’t really give them any choice. The GDPR does the opposite of this.

1. Data Protection by Design and by Default is a legal obligation

2. Data Protection Impact Assessments are mandatory for large-scale and other complex processing

3. All processing of personal data must be fair

4. There must be a specific, well defined reason for all collection or uses of personal data

5. Data grabs unrelated to the purpose of processing are illegal

6. The person can actually do things related to how his or her personal data is handled

7. State of the art security is an obligation

8. There is someone in each organization engaging in complex processing whose job is to ensure personal data are processed fairly and lawfully

9. Personal data is followed through the vendor maze

10. All processing of personal data must be kept in a comprehensive and updated Record
