The General Data Protection Regulation 2016/679 (GDPR) is an action passed by the European Parliament, Council of the European Union (EU), and European Commission to unify and strengthen data protection for all individuals and return control of personal data to citizens.
Enforceable on May 25, 2018, GDPR replaces Directive 95/46/EC 2 of 1995. It does not require enabling legislation through the governments of individual member nations—making it directly binding and applicable. Further, the GDPR extends the concept of personal data to include any data element that may identify, directly or indirectly, the “Data Subject.” This includes a name, a photo, an email address, bank details, social network posts, medical information, or a computer IP address.
With controversial topics surrounding this regulation, much conversation will surely take place. For example, technology firms and industries who have long had data-retention requirements may find data destruction—the Right to be Forgotten detailed below—difficult to integrate. They will likely need to change both their processes and use of technology.
My New Solution Guide provides the most important things you need to know in an easy-to- understand format.