GDPR stands for General Data Protection Regulation. It's the core of Europe's digital privacy legislation.
Basically, GDPR is a new set of laws made to give EU citizens greater control over their personal data. Its goal is to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
Fundamentally, almost every aspect of our lives revolves around digital information. From social media companies to banks, retailers, and governments - almost every service used involves the collection and analysis of our personal data. Your name, address, credit card number, and more are all collected, analyzed, and, most importantly, stored by organizations.
Data breaches inevitably happen from time to time. Information gets lost, stolen, or otherwise released into the hands of people who were never intended to see it, such as hackers - and those people often have malicious intent towards the owner of that data.
Under the terms of GDPR, not only do organizations have to make sure that the personal data they have is gathered legally and under strict conditions like contracts, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners to have their private information stay private - or face penalties for not doing so.
The General Data Protection Regulation applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers or businesses inside the EU. That ultimately means that almost every major corporation in the world needs a GDPR compliance strategy. In essence, this requirement caused the GDPR to expand very quickly around the world.
There are two different types of data-handlers the legislation applies to: 'processors' and 'controllers.' The definitions of each are laid out in Article 4 of the General Data Protection Regulation.
The GDPR has received a lot of media coverage. Most of it has been about the possible multimillion-dollar fines that businesses might incur if they fail to secure their customers' data, but this doesn't mean that the GDPR doesn't have sides that are good for business.
An exemption in the GDPR means a possible use for personal data where some or all requirements or rights are changed. Some exemptions are full, that is to say, they don't require the organization to collect, store or process the data according to GDPR and data protection law at all, and some are partial.
Generally, exemptions exist where there is a national or public interest greater than the interests of the individual. However, often the extent of the exemption can be relied on only if it would otherwise be unfeasible to uphold the rights and principles under GDPR.
Some of these exceptions might be: