The General Data Protection Regulation (GDPR) is a comprehensive regulation that unifies data protection laws across all European Union member states. It defines a set of data rights for EU citizens (called "data subjects") regarding their personal information. The GDPR outlines strict requirements for companies on collecting, storing, processing and managing personal data. The GDPR will be enforced on all EU member states from May 25, 2018.
The GDPR defines a set of rights for all types of private data. This can be for example:
- Basic idendity information such as name, address, and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial and ethnic data
- Political data
- Sexual orientation
Our services are developed in a way that keeps in mind all of the GDPR-s main principles stated in Article 5 of the GDPR around personalized data as a data processor or controller:
- Lawfulness, fairness, and transparency.
- Limited purpose
- Data minimization
- Storage limitation
- Confidentiality and integrity
We’re all going to have to change how we think about data protection.
The main provisions of the GDPR require you to apply the following rules to personalized data:
- Breach notifications
- Right to access
- Right to be forgotten
- Data portability
- Privacy by design