Security Encyclopedia

General Data Protection Regulation

The 2016/679 General Data Protection Regulation of the European Union was created to standardize data privacy laws across European member countries. It includes principles relating to the processing of personal data, lawfulness of processing, conditions of consent, conditions applicable to a child's consent in relation information society services, processing of special categories of personal data, processing of personal data relating to criminal convictions and offenses, and data processing which does not require identification.

The aforementioned coverage areas are according to the official PDF of the regulation (EU) 2016/679 version OJ L 119, 04.05.2016; cor. OJ L 127, 23.5.2018. Some of the well known topics related to the regulation have been the "Rights of data to subject" and "Transfers of personal data to third countries or international organizations". For example the section of Art. 14 GDPR mandates the controller to provide "from which source the personal data originate, and if applicable, whether it came from publicly accessible sources".

The hot topic about data location for enterprises is found in Chapter 5 Art. 44 GDPR , "General principle for transfers". For example if a company is located in country x and the user lives in country y, where should the data be stored? This section brings discussion of data location and security of data transfer across countries.

Notable GDPR Cases:

"GDPR has led to $126 million in fines over data privacy"
- Source: Engadget

Video on GDPR:

Source: Wall Street Journal