What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation for data protection. It applies to the processing of personal data of people in the EU by businesses that operate in the EU. It’s important to note that GDPR applies not only to firms based in the EU, but also to any organization providing a product or service to residents of the EU. The regulation pertains to the full data life cycle, including the gathering, storage, usage, and retention of data. It also creates the potential for headline-grabbing penalties in the event of data breaches.
GDPR supersedes Directive 95/36/EC, which is the existing EU regulation on data protection. This directive will be repealed on the same day that GDPR comes into force. Consequently, some firms will have to make big changes in how they gather, store, and use personal data. That’s not to say that the regulation is too broad or too hard to meet. Rather, much of what is required could be described as common sense and as giving individuals an appropriate level of protection.
The regulation will take effect May 25, 2018. This is the date by which organizations must be compliant.