The General Data Protection Regulation (GDPR)


What is the General Data Protection Regulation (GDPR)?

The GDPR aims to protect personal data and to give rights to natural persons in the European Union. The regulation applies to controllers (the organisation responsible for the data) and to processors (the organisation that holds and processes personal data on the controller's behalf).
The persons whose data is processed have far-reaching rights under the GDPR, such as erasure and the right to object to processing. Processors and controllers, in turn, have considerably more obligations, such as documenting all data stores and obtaining permission to work with the data.

GDPR and the main concerns

The GDPR is centred around a few very powerful principles, among them lawful processing, transparency and purpose limitation. The last of these requires the controller to obtain explicit consent tied to the stated purpose, e.g. “I hereby agree that you will sell my data to a third party”.
As a result, organisations working with the GDPR have three main concerns:
  • (explicit) consent;
  • right to be forgotten;
  • data portability.

GDPR: possibly the biggest challenge to business this decade
