The General Data Protection Regulation (GDPR) is a European Union (EU) law that will come into effect on May 25, 2018. It has been approved by the European Union and contains regulations that are better suited to protect the data and privacy rights of residents of the EU and the European Economic Area (EEA).

Some of the key points of GDPR include:

  • It will replace the UK’s Data Protection Act and the EU’s Data Protection Directive, which came out in 1984 and 1995 respectively
  • Companies, irrespective of their size, nature of work, and location, will now be responsible for notifying customers about data collected, processed, and stored. This means that companies will now have to explicitly state the purpose behind collecting data from users
  • The scope of data collected will include any Personally Identifiable Information (PII) including contact details, payment information, posts and images on social media websites, medical information, and IP addresses
  • Users now have stronger rights to know what data companies hold about them
  • The data has to be managed using best practices of data security, including encryption
  • If users feel any collected data is infringing upon their privacy, they will have the right to have the data deleted
  • In the event of a data breach, be it accidental or part of an orchestrated cyber-attack, companies will have to disclose the attack to the concerned authorities within 72 hours of its occurrence

For more information on GDPR, see: General Data Protection Regulation. If you have any questions, you can reach out to us at [email protected]
