General Data Protection Regulation

From Glitchdata

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.

It lays out the procedure that companies must follow with respect to the storage and handling of personal data belonging to residents of European Union (EU) countries. The GDPR requirements apply to both European and international organizations.

The purpose of the regulation is to ensure that data subjects retain control over their own personal information and to simplify the regulatory environment for international business.

The regulation was adopted in April 2016 and entered into force in May 2018. It introduces a number of restrictions on the collection and processing of personal information, and establishes the liability of companies for improper storage of data and harvesting of unnecessary information. Non-compliance entails a fine of up to 20 million euros or 4% of the company’s annual turnover.

The GDPR supersedes the Data Protection Directive 95/46/EC. It contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise, regardless of its location and the data subjects' citizenship or residence, that is processing the personal information of individuals inside the EEA.

The GDPR was adopted on 14 April 2016 and became enforceable on 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable, but does provide flexibility for certain aspects of the regulation to be adjusted by individual member states.