The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 European Union (EU) countries and imposes strict new rules on controlling and processing of personal information. It went into effect as of May 25, 2018.
What activities does the GDPR apply to?
The GDPR applies to the “processing” of personal information by an individual or legal entity. The term “process” is extremely broad and generally covers anything that is done to or with personal data, whether by automated or manual means. This may include collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasing, or destroying data.
