General Data Protection Regulation (GDPR)

The GDPR is widely regarded as the toughest privacy and security law. Adopted by the EU in 2016 and enforced from May 2018, it made the already strict European legal environment even more challenging for businesses. It imposes uniform data-protection obligations on organizations that handle the private information of EU citizens.

Under the GDPR, companies are now obliged to keep personal data safe, to be able to dispose of it when required, to inform customers within 72 hours once a breach has been discovered, to determine the extent of the data leak, and to investigate and resolve it while keeping customers in the loop throughout.

The GDPR rules apply to almost every piece of data an organization collects, even data that is not used to identify a person. This includes information that websites routinely ask for, such as your IP address, email address, and physical device information.

Under the GDPR, the following is a subset of the data that cannot be shared:

  • “Basic identity information” such as your name, postal address, and email address
  • Web data, such as your location, IP address, cookie data, and RFID tags, which can be used to locate you on the web
  • Political views
  • Data about health and genes
  • Race or ethnicity