The new rules will introduce mandatory data
breach notification for all, joint and several liability for suppliers (data processors); tougher restrictions on the use of profiling and the collection and use of children's data;
enhanced rights for individuals; and a
requirement for most organisations to appoint a data protection officer.
The GDPR will implement more stringent operational
requirements for processors and controllers of personal data, including, for example, requiring
enhanced disclosures to data subjects about how personal data is processed, limiting retention periods of personal data, requiring mandatory data
breach notification, and requiring additional policies and procedures to comply with the accountability principle under the GDPR.