GDPR is the acronym for the General Data Protection Regulation, a European Union law designed to protect the privacy of personal data. The law defines “data” broadly as anything relating to a person, whether it relates to public, professional, or personal life. This includes many types of information, including the following:
The law applies to all organizations that process or hold data related to European Union citizens that can be used to identify a person, either directly or indirectly. Obviously, businesses within the EU are subject to the law. But it goes further. Importantly, the GDPR also applies to organizations located outside of the European Union if they process or collect data of people living inside the EU. Thus, virtually any enterprise conducting business within the EU must comply with the law.
The penalties for non-compliance can be harsh, with a minimum fine of 20 million euros for violations. Fortunately, ContractSafe simplifies GDPR compliance for companies.