The European Union General Data Protection Regulation (GDPR) became effective in May 2018 to replace the Data Protection Directive 95/46/EC as it is designed to harmonize data privacy laws across Europe, protect and empower all European Union (EU) citizens data privacy and reshape the way organizations across the World approach data privacy.
The world is a global village where economic and social integration has led to a substantial increase in cross-border flows of personal data. Technology allows various organizations to make use of personal data to pursue their activities hence the need for a framework on the protection. The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today’s data-driven world.
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a standardized data protection law across all 28 European Union (EU) countries that addresses the protection of personal data of all data subjects (Individuals) within the EU, the free movement of such data within the EU and the export of such data outside the EU.
Application of The Regulation
GDPR applies to:
- Data handlers (controllers and processers) established in the EU regardless of whether their data processing activities take place in the EU or not.
- Personal data of individuals who are in the EU, whose data are being processed by a controller or processor established outside the EU who offer goods and services to such individuals or where such individual’s behavior in the EU is being monitored by the controller or processor.
- Controllers and processors not established in the EU who process personal data of individuals in a place where an EU member state’s law applies by virtue of public international law.