ENTIRELY REMOVING THE PREVIOUS NOTIFICATION SYSTEM, THE NEW REGULATION FORCES THE APPOINTMENT, IN SOME CIRCUMSTANCES, OF A PERSONAL DATA OFFICER, SO AS TO ENSURE THE ENFORCEMENT OF THE LAW.
- when the processing is conducted by a public authority or body, excepting the courts of law acting in the exercise of their jurisdictional function;
- when the main activities of the operator or the person empowered by him consist in a large scale processing of special data categories which require a periodic and systematic monitoring of the people concerned;
- when the main activities of the operator or the person empowered by the operator consist in a large scale processing of special categories of data or some other private data categories regarding criminal convictions and offences.
Entities not complying with this obligation may be fined with up to 10 million EUR, or 2% of the total turnover obtained in the previous financial year.
Issuer of the GDPR: the European Parliament