What is GDPR?
The General Data Protection Act, GDPR, is considered to be the most significant piece of European data protection legislation to be introduced in the European Union, EU, in 20 years and will replace the the 1995 Data Protection Directive.
The GDPR regulates the processing of personal data about individuals in the EU including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual, also called a “data subject”.
It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.
The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.