GDPR stands for General Data Protection Regulation.
It is the most important most in data privacy regulation in 20 years.
Approved by the EU Parliament on 14 April 2016.
Enforcement date is 25 May 2018 - at which time those organizations in non-compliance will face heavy fines.
Objectives: harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The regulation applies if the data controller (organization that collects data from EU residents) or processor (organization that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU.
personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.
To demonstrate compliance with the GDPR, the data controller should implement measures which meet the principles of data protection by design and data protection by default.
Valid consent must be explicit for data collected and the purposes data is used for.
If you require further information on GDPR you can visit eugdpr.org or get in touch at anytime for advice.