>There's is a lot of implicit contracts (you filled up our sign up form? Well, then you chose to give us your data. ...) //
AIUI that's one of the main changes, that explicit consent is now needed to retain data and specific details of how it will be secured, who it might be passed to, must be given. Also that if the service being offered doesn't need the data, that the company offering the service can't insist on having it.
It is a big thing for micro-businesses and SMEs in the UK - despite having data protection laws already - it does change the complexion of how one handles PII and the embedded assumptions. We're talking about businesses many of whom have paper bookings diaries - the diary apparently needs to now be secured, whilst it's always sat on the counter before; that's a costly structural/workflow change (unlock the diary for every phone call!).
AIUI that's one of the main changes, that explicit consent is now needed to retain data and specific details of how it will be secured, who it might be passed to, must be given. Also that if the service being offered doesn't need the data, that the company offering the service can't insist on having it.
It is a big thing for micro-businesses and SMEs in the UK - despite having data protection laws already - it does change the complexion of how one handles PII and the embedded assumptions. We're talking about businesses many of whom have paper bookings diaries - the diary apparently needs to now be secured, whilst it's always sat on the counter before; that's a costly structural/workflow change (unlock the diary for every phone call!).