The General Data Protection Regulation (GDPR) is one of the most stringent privacy and security laws in the world. Although drafted and approved by the European Union, the regulation imposes obligations on organizations regardless of where they operate, as long as they target or collect data on people in the EU. The regulation came into effect on May 25, 2018. The GDPR levies fines against those who violate its privacy and security standards, with sanctions amounting to tens of millions of euros.
The GDPR (General Data Protection Regulation) is an EU law on data protection and privacy in the EU and the EEA, and it also covers the transfer of personal data outside the EU and the EEA. Its main purpose is to give individuals control over their personal data and to simplify the regulatory environment for international affairs by unifying privacy laws in the European Union. The regulation is mandatory, and all organizations that hold or process personal data must comply.
The rules entered into force on May 25th, 2018 and were reflected in the 2018 Data Protection Act. The regulation applies to both “operators” and “data processors” and covers old rules that have been consolidated, as well as a number of new rights for data subjects.
Personal data is data that refers to a person who can be identified directly or indirectly, and that are:
Personal data should be processed fairly, legally and transparently.
The GDPR applies to any organization operating in the EU, as well as to any non-EU organization providing goods or services to EU customers or businesses. This includes any website that collects data about its visitors, whether directly for its own purposes or indirectly for third-party apps and tools (e.g. Google Analytics).
A person who has data about another person on a personal level, such as the phone number of a family member stored in a phone, will not have to consider the GDPR for that data.