The General Data Protection Regulation (GDPR) is a new European privacy law due to take effect on May 25, 2018. It is a complex and evolving piece of legislation. It sets out new rules governing how companies may collect, store, and use personal data pertaining to, or originating from, individuals in the EU. It does not matter whether your organization has any presence in the EU, or where your applications and data are processed and stored. If your organization holds or controls any data about an individual in the EU, then you need to start thinking about GDPR compliance, and the sooner, the better.
What is “personal data”?
In the context of GDPR, personal data means any information that can be used to identify an individual, directly or indirectly. This includes, but is not limited to, names, email addresses, job titles, location data, and even the unique identifiers your own systems assign to a person (customer numbers, account IDs, device or cookie IDs). It makes no difference whether the data is collected and processed automatically or held in manual records, and the definition also covers pseudonymous or key-coded data whenever the pseudonym or key can be linked back to a specific individual.
So, in effect, if you collect any information that can be used to identify a specific individual, then the GDPR applies to you and to what you do with that data.
What are some of the key changes to data privacy under GDPR?
- Penalties –