The General Data Protection Regulation (GDPR) (Regulation [EU] 2016/679) is a regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It imposes stricter responsibilities on organisations, which must prove that they have adequate processes in place to manage and protect personal data. The major goals of GDPR are the protection of an individual’s personal data and the definition of the rules for the free movement of personal data in the EU.
The EU defines “Personal Data” as “any information relating to an individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.” The new obligations pertain to any organisation that handles data about EU citizens—whether that organisation is in the EU or not. The regulation does not apply to the processing of personal data for national security activities or law enforcement (“competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties”).