GDPR enforceable as of
May 25, 2018
Since financial institutions offer ancillary services to its customers, they will be held responsible for all third-party data management.
They will also need to know where their customer data is stored at all times, as well as how it is stored and what risks they could incur.
For healthcare industries, genetic and biometric data will now be subject to a higher standard of protection.
The processing of these forms of personal data will be prohibited unless certain conditions are met.
The hospitality industry will have to outline its guidelines for collecting and managing personal information.
They must provide a comprehensive account of why they need to process personal data and how long they plan to store it.
Marketing organizations that engage with third-party vendors to track users and collect data will be held responsible for data security and breaches of their data processors’ applications.
Agencies will have to develop campaigns to acquire customers while sharing data subject information with partner companies.
UX and UI organizations will have to build interfaces that adhere to the data capture, erasure, and consent principles stipulated by the GDPR.
They will also have to provide varied levels of granularity to users—catering for consent at different stages of processing.