1. General Data Protection Regulation
GDPR
Conditions & Principles
Processing
Enforcement & Sanctions
Product design process
 Privacy by design
 Privacy by default
 Privacy Impact
assessment
Structuring data
 Anonymisation
 Pseudonimysation
 Profiling
Cross border data transfers
 EC model clauses
 BCR s
 Certification & codes of
conduct
 Privacy shield
 Other principles
Controller
 Accountability
 Information notices
 Internal records
 Data breach
reporting
Processor
 Internal records
 Written data
processing
agreement
 Direct responsibility
 Direct enforcement
Actors
 Controller
 Processor
 Data subject
 Supervisory authority
 Data Protection Officer
Data subject
 Right to obtain
information
 Right to rectification
 Right to object
 Right to erasure/to
be forgotten
 Data portability
Principles
 Performance of a
contract
 Legal obligation
 Vital interests data
subject
 Performance task of
public interest
 Legitimate interests
 Consent
Conditions
 Lawfulness, fairness
and transparency
 Purpose limitation
 Data minimisation
 Accuracy
 Storage limitation
 Integrity and
confidentiality
 Accountability
Mindmap GDPR Louwers Advocaten
Ten Hagestraat 5 | Postbus P.O. Box 440 | 5600 AK Eindhoven | Phone: +31 (0)40 2393 200
Zuid-Hollandlaan 7 | 2596 AL The Hague | Phone: +31 (0)70 240 0836
www.louwersadvocaten.nl
Sanctions
 10 mln /2% - annual
worldwide turnover
 20 mln /4% - annual
worldwide turnover
Enforcement
 National
enforcement powers
 One stop shop
 EDPD
Consent
 Explicit
 Informed
 Statement or clear affirmative
action
 Special categories of personal
data
 Children
Legend
Compared to the current situation:
 there is little practical differencefor most organisations
some changes arebroadly positive for most organisations
some changes arebroadly negativefor most
organisations.