Understanding GDPR and How It Affects You

The EU GDPR is the most important change in data privacy regulation in 20 years.

Updated this week

GDPR has been in effect since May 25, 2018. Is your organization fully compliant? We’re here to make sure you’re prepared.

What’s GDPR?

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). GDPR covers a wide range of personal data, including names, email addresses, IP addresses, location data, health info, etc. It also addresses the export of personal data outside the EU.

The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

GDPR applies globally — not only to EU organizations but to any organization processing data of EU residents, regardless of location.

Requirements of the GDPR

Consent to store data

Data subjects must be allowed to choose whether to consent to the processing of their personal data.

Consent withdrawal

Data subjects must have the ability to easily withdraw their consent to process their personal data.

Right to access

Data subjects have the right to obtain confirmation as to whether or not personal data concerning them is being collected, where, and for what purpose. Further, the controller is required to provide, upon request, a copy of the personal data, free of charge, in an electronic format.

Right to be forgotten

Data subjects have the right to request that the data controller erase their personal data, cease further dissemination of the data, and stop any third parties from processing the data. This right is not absolute and applies under certain conditions (e.g., no overriding legitimate grounds for processing).

Breach notification

Data subjects must be notified of any data breach which is likely to “result in a risk for the rights and freedoms of individuals”, within 72 hours of first having become aware of the breach.

Data portability

Data subjects have the right to receive their personal data in a portable electronic format that allows them to transfer the data to another controller.

Who is affected by GDPR requirements?

  • The regulation applies if the data controller (an organization that collects data from EU residents), the processor (an organization that processes data on behalf of data controllers, such as a cloud service provider), or the data subject (person) is based in the EU.

  • The regulation also applies to organizations based outside the EU if they collect or process the personal data of individuals located inside the EU.

What is personal data?

According to the European Commission, “personal data” means any information relating to an identified or identifiable individual. This can include details about a person’s private, professional, or public life.

Examples of personal data include:

  • name

  • home address

  • photo

  • email address

  • bank details

  • posts on social networking sites

  • medical information

  • a computer’s IP address
