GDPR, or the General Data Protection Regulation, is a 2016 European Union (EU) law that went into effect in May 2018. It relates to the handling of personal information for EU citizens.
More information about GDPR and GDPR rights is available here.
The GDPR applies to most companies that process and hold personal data of data subjects residing in the EU, regardless of the company’s location. This includes information that can be used to directly or indirectly identify a person, such as a person’s name, phone number, email address, bank details, medical information, and computer IP address. Enforcement of the GDPR began on May 25th, 2018.
Some of the key privacy and data protection requirements include:
- requiring the consent of subjects for data processing
- allowing data subjects to access, correct, and delete their data
- anonymizing collected data to protect privacy
- providing data breach notifications
- safely handling the transfer of data across borders
- requiring certain companies to appoint a data protection officer to oversee GDPR compliance