What is the GDPR?

GDPR stands for General Data Protection Regulation. It is a European Union (EU) law that went into effect on May 25th, 2018. GDPR governs how personal data can be used, processed, and stored personal data.

In simple terms, GDPR is a set of rules designed to give EU citizens more control over their personal data. It gives citizens the right to demand subject access to their personal information, and the right to demand that an organization destroys their personal information. 

Prior to the passage of GDPR, data that was considered personal included name, address, and photos. GDPR extended the definition of personal data to include things such as an IP address, as well as sensitive personal data such as genetic data and biometric data which could be processed to uniquely identify an individual.

 The GDPR applies to all organizations within the EU, including those that provide goods or services to the EU or monitor EU citizens.