Key Requirements:
• Lawful basis for processing: consent, contract, legal obligation, public interest, legitimate interest, vital interest, among others.
• Privacy by Design & by Default
• Mandatory appointment of a Data Protection Officer (DPO) and Data Protection Representative (DPR) for certain organizations
• Processor assessment and contractual obligations
• Breach notification to the national supervisory authority and, in certain cases, to the data subject
• Enhanced individual rights: access, information, erasure, objection, among others.