The GDPR is a EU regulation intended to give people in Europe more protection of and control over their data. The requirements apply to all organizations, regardless of location or industry, that processes the personal data of EU residents.
This regulation took effect on May 25, 2018 and will modernize the principles laid out in the EU Data Protection Act of 1995 for the current technology age. Now that information is accessible at the tips of our fingers 24/7, there is greater scrutiny on companies that are entrusted with personal data and they will have a larger responsibility with respect to its protection.
For consumers, GDPR provides new options with regard to their data. Once in effect, consumers will be able to access their personal data, alter or correct it, erase it completely, opt out of its use, and restrict it from being processed.
For companies, GDPR requires measures to protect personal data and to notify authorities if there is ever a breach of personal data. The GDPR also introduces new requirements for processing personal data, including notice of data collection and type of data use to consumers as well as record keeping requirements for data processing activities.