Skip to main content

The GDPR - What It Is About

The General Data Protection Regulation (vernacularly the GDPR) is the legislation imposed by the EU, which applies to the use of personal data. The GDPR was published in April 2016 and was fully applied from May 2018. Local governments are publishing complementing privacy legislations in 2018 and 2019 depending on the country.  

Which Information Is Personal Data?

Personal data refers to any information from which a natural person can be directly or indirectly identified. It does not matter whether the information relates to an individual in person or in the context of professional or public life.

Examples of a personal data:
  • a name
  • a photo
  • an email address
  • voice or bank details

The GDPR’s Different Requirements to Various Stakeholders

GDPR has increased and tightened the obligations and requirements when personal data is processed. The organizations have to ensure their ability to comply with the GDPR. In practice, this means that organisations have to:

  • Take proactive approach towards management of personal data
  • Understand what data their business processes as well as how and where the data is retained
  • Provide transparent information about the processing 
  • Take data protection into consideration in the business activities        
  • Ensure appropriate protection measures taking into account the risk level the processing may cause for individuals etc.