The General Data Protection Regulation (GDPR), is a European privacy law approved by the European Commission in 2016 and will go into effect May 25th 2018. The GDPR will replace a prior European Union privacy directive known as Directive 95/46/EC which has been the basis of European data protection law since 1995. The GDPR is an attempt to strengthen, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and remove personal data. In a nutshell, it's giving EU citizens and residents control over their personal data while simplifying the regulatory environment for international business that takes place in the EU.
The Data Protection Principles include requirements such as:
- Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
- Personal data should only be collected to fulfill a specific purpose and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
- Personal data should be held no longer than necessary to fulfill its purpose.
- People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.
GDPR and RonDavid.net