European General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all persons within the European Union and the European Economic Area. It also concerns the export of personal data outside the EU and the EEA. The GDPR is primarily aimed at giving citizens and residents control over their personal data and at simplifying the regulatory environment for international companies by unifying the regulation within the EU.
Replacing the Data Protection Directive, the Regulation contains provisions and requirements for the processing of personally identifiable information of data subjects within the European Union. Business processes that handle personal data must be created with privacy by design and by default, which means that personal data must be stored using pseudonymisation or full anonymisation, and the highest privacy settings must be used by default, so that the data is not publicly available without explicit consent and cannot be used to identify a subject without additional information stored separately. The processing of personal data is not permitted unless it is done in accordance with a legal basis laid down in the Regulation or the controller or processor has obtained the express consent of the data subject. The company must allow this consent to be withdrawn at any time.
A personal data processor must clearly state what data is collected and how, why it is processed, how long it is stored and whether it is shared with third parties. Users have the right to request a portable copy of the data collected by a processor in a common format and the right to have their data deleted under certain conditions. Public authorities and companies whose main activities are focused on the regular or systematic processing of personal data are required to hire a Data Protection Officer (DPO), who is responsible for managing GDPR compliance. Businesses must report any data breaches within 72 hours if they adversely affect users' privacy.
The GDPR was issued on 14 April 2016 and, after a transitional period of two years, becomes enforceable on 25 May 2018. Because the GDPR is a regulation and not a directive, it does not require national governments to adopt legislation and is directly binding and in force.






