The General Data Protection Regulation, or GDPR, is a privacy and security law that was passed by the European Union on May 25th, 2018. While it’s an EU regulation, its influence has a global impact: any company, no matter where it’s based, must prove GDPR compliance if it handles data for any EU citizen.
GDPR is the toughest privacy and data security regulation in the world today. Organizations that violate GDPR can be subject to fines up to 20 million euros, and face even greater liability in class-action and other civil suits. As the EU represents a dramatic portion of the global marketplace, adhering to GDPR is critical, especially for enterprises operating in the cloud.
Key terms under GDPR
Any information about an individual which could be used to directly or indirectly identify them. Names, email addresses, credit card numbers, and personal identification numbers are among things considered personal data according to GDPR.
Any automated or manual action performed on or using data. Collecting, recording, organizing, storing, using and deleting are all data processing actions.
The person whose data is being processed. The user who enters their name, address and phone number is the data subject.
An owner or employee of an organization who handles user data of any person belonging to the EU is a data controller.
A third party who processes data collected by a data controller.