The General Data Protection Regulation (GDPR) which is designed to enable individuals to better control their personal data. It is hoped that these modernized and unified rules will allow businesses to make the most of the opportunities of the Digital Single Market by reducing regulation and benefiting from reinforced consumer trust.
The GDPR was ratified mid-2016 and immediately became law. The General Data Protection Regulation (GDPR) is in force as of the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
GDPR applies to:
The processing of personal data by a data controller or a data processor
Builds on existing data protection rules and principles, with significant changes
- increased compliance obligations for businesses and organisations
- new and enhanced rights for individuals
- increased regulatory powers and sanctions
- privacy by design and default