general data protection regulation (GDPR)
The 2016/679 General Data Protection Regulation was created to standardize data privacy laws across Europe. It includes principles relating to processing of personal data, lawfulness of processing, conditions of concent, conditions applicable to child’s consent in relation information society services, processing of special categories of personal data, processing of personal data relating to criminal convictions and offenses and processing which does not require identification.
This is according to the official PDF of the regulation (EU) 2016/679 version OJ L 119, 04.05.2016; cor. OJ L 127, 23.5.2018. Some of the well known topics related to the regulation have been the “Rights of data to subject” and “Transfers of personal data to third countries or international organizations”. For example the section of Art. 14 GDPR mandates the controller to provide “from which source the personal data originate, and if applicable, whether it came from publicly accessible sources”.
The hot topic about data location for enterprises is found in Chapter 5 Art. 44 GDPR , “General principle for transfers”. For example if a company is located in country x and the user lives in country y, where should the data be stored? This section brings discussion of data location and security of data transfer across countries.
Notable GDPR Cases:
“GDPR has led to $126 million in fines over data privacy”
– Source: Engadget
Video on GDPR:
Source: Wall Street Journal