GDPR, or General Data Protection Regulation, is an EU specific legislation designed to give citizens of EU member countries adequate control over their personal data. It is enacted to ensure that businesses as well as citizens of these countries are not just protected but they derive maximum benefit from the digital economy that is evolving. It is an effort to bring laws and obligations that cover day to day life as well as personal data, privacy and consent across EU conform with the connected world.

GDPR insists that organizations will be required to ensure that personal data is gathered legally and under strict conditions and those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners - or face penalties for not doing so. GDPR applies to all organizations operating within the EU, and all organizations outside the EU which offer goods or services to customers or businesses in the EU. This would mean that almost every major corporation in the world will need to abide by the provisions of GDPR.

PROCESSORS, CONTROLLERS

GDPR specifies two types of data-handlers - the ‘processors’ and the ‘controllers’. A processor is defined as a “person, public authority, agency or other body which processes personal data on behalf of the controller”. And the controller is a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”. The regulation places a lot of legal obligations on a processor to maintain records of personal data and how it is processed, providing a much higher level of legal liability should the organization be breached.

Controllers will also be forced to ensure that all contracts with processors are in compliance with GDPR.