The General Data Protection Regulation (GDPR) standardises data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to EU residents. The GDPR replaces the 1995 EU Data Protection Directive and comes into force on May 25, 2018. It also supersedes the 1998 UK Data Protection Act.
The GDPR is important because it improves the protection of European data subjects’ rights and clarifies what companies that process personal data must do to safeguard these rights. It’s essential to be prepared for the GDPR as there will be obligations on companies handling EU data and there could be fines or further consequences if data protection standards are not up to scratch.