The GDPR is something I need to keep on top of, so I am going to write some small, bite-sized bits of information that will be useful for myself and anyone else wanting a really simple introduction to it.
What is the GDPR?
The General Data Protection Regulation is a replacement for the aging Data Protection Directive from 1995. It places more emphasis on the protection and processing of Personally Identifiable Information. The Regulation applies not only to companies operating within the 28 EU member states, but also to any body that processes data from those member states.
Why do we need it?
Since the Data Protection Directive of '95, the Internet and the technological world have changed substantially. The amount of information captured, stored and processed is staggering, and it happens with little regulation. The GDPR builds on the DPD so that the individual has more rights over what happens with their data, which in my opinion is a good thing, despite the extra administrative overhead that businesses will have.
Who does it concern?
This is not an exhaustive list, but it should help provide a rough idea:
- Any company that has a presence in an EU country, or processes the personal data of EU residents.
- Any company that has more than 250 employees, or processes data that impacts the rights or freedoms of the data subject.
When does it come into action?
May 25 2018, which is closer than you think!
I plan on making a few posts that contain some of the more important aspects of the GDPR over the coming weeks! If anything, they will be useful to me.

Tags: privacy infosec GDPR