Companies and organisations based in the EU, and those with customers in the EU, will need to comply with the General Data Protection Regulation (GDPR) that comes into effect on 25 May 2018. Essentially, GDPR provides greater protection for individuals in relation to how their personal information is collected, stored, shared and utilised by businesses. The potential fines for not complying with GDPR are eye-catching (up to 4 % of global turnover) and add focus to the question of how to be GDPR-compliant.
GDPR stands for General Data Protection Regulation, a European piece of legislation that will come into effect on 25 May 2018.
Under GDPR Personal Data is defined as: "Any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person." (Article 4, EU GDPR "Definitions")