What is the General Data Protection Regulation (GDPR)?
According to the European Data Protection Supervisor “The EU’s data protection laws have long been regarded as a gold standard all over the world. Over the last 25 years, technology has transformed our lives in ways that nobody could have imagined so a review of the rules was needed.
In 2015, the EU adopted the General Data Protection Regulation (GDPR), one of its greatest achievements in recent years. It replaces the 1995 Data Protection Directive which was adopted at a time when the internet was in its infancy.”
“The EU says GDPR was designed to “harmonize” data privacy laws across all its members’ countries as well as providing greater protection and rights to individuals. GDPR was also created to alter how businesses and other organisations can handle the information of those that interact with them. There’s the potential for large fines and reputational damage for those found in breach of the rules.”
Who does GDPR apply to?
“Any company that stores or processes personal information about EU citizens within EU states much comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply with are:”
- A presence in an EU country.
- No presence in the EU, but it processes personal data of European residents.
- More than 250 employees.
- Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional or includes certain types of sensitive personal data. This effectively means almost all companies.
What types of privacy data does the GDPR protect?
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
Download this PDF to read more about GDPR and how Clarabyte protects the personal information of EU citizens.
