The complete guide to GDPR and compliance can be found at gdpr.eu
GDPR took effect on May 25, 2018, and since then harsh fines have been levied against violators of the EU's data privacy legislation. According to the GDPR Enforcement Tracker website, the top 10 countries with the highest total fines are:
And the breakdown of violations by industry:
In a nutshell, GDPR covers businesses, government agencies, and other entities:
- In the European Union (EU);
- That offer goods or services to anyone in the EU;
- and that collect, store, transfer, or use personal information about EU citizens.
For individuals, GDPR offers extended protections regarding the use of personal data such as:
- Right to Access:
  - Obtain confirmation as to whether or not their personal data is being processed, where and for what purpose
  - Access their personal data
  - Correct errors in their personal data
- Right to be Forgotten:
  - Erase their personal data
  - Object to having their personal data processed
- Data Portability:
  - Receive a copy of any personal data stored, and transfer that data to another vendor/controller
GDPR defines personal data as:
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. (source)