The General Data Protection Regulation (GDPR) is an EU data privacy and security law which was put into effect on the 25th of May 2018. The EU-wide regulation focuses on how companies and organisations handle personal data.
It protects the “fundamental rights and freedoms of natural persons” within the EU.
This law applies to all organisations that process EU citizen/resident data or sell goods and/or services to EU citizens/residents. This law also applies to companies and organisations that do not reside within the EU but do collect data on EU citizens.
The regulation needs to be taken into account with every step of the business process, including tasks such as sending quotations, invoices and newsletters.
Whenever a company or organisation does not comply with and violates the law, consequences such as large fines can be handed out as well as compensation for damages to EU citizens/residents.