GDPR stands for General Data Production Regulation. This regulation came into force on May 25, 2018 with the goal of improving personal privacy and gives greater control to the public over their personal information and how it is used.
Personal data is described as any information that can identify you such as:
- Date of birth
- Passport Number
- Family Members
- Phone number
- Email address
- IP address
- Payment information (credit card and bank information)
- Photos (of the person in question, family, home, etc.)
Data Processing is defined as any type of collecting, recording, structuring, storing, using, erasing, sharing of the data.
Data Subject is defined as the person who’s data has been collected and processed – otherwise known as customers or site visitors.
GDPR applies to ANY company that does business within the EU (even if the company doesn’t actually physically reside in the EU). The regulations go into detail about how to collect the information in a transparent way, how it must be protected from theft, and if there is a security breach, how many hours you have to tell your data subjects or face consequences. It also details information such as how a data subject has the “right to be forgotten” and how that must be handled.
The most up to date details of GDPR can be found on https://gdpr.eu