The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII).

What is GDPR?

The GDPR was created to protect the personal data of EU citizens and to govern how that data is collected, stored, processed, used, and destroyed once it is no longer needed. The legislation is intended to give citizens control over their personal data.

What is covered?

Personal data includes IP addresses, location data, and online identifiers. Sensitive personal data includes biometric and genetic data. The regulation also covers the parental consent required for processing children’s data, cross-border data transfers, the prevention of data breaches, and strict guidelines for notification when breaches do occur.

Who is affected?

The GDPR applies not only to companies in the EU but also to companies outside the EU that market goods or services to EU citizens. It also applies to companies that either control or process data regarding an EU citizen. It’s important to note that under GDPR, both processors and controllers are accountable for the handling of EU citizens’ personal data (a processor handles data on behalf of another company, which is the controller). All companies that fall under those categories must be compliant with all GDPR requirements. That is why it is important, even for non-EU companies, to understand and prepare for this.