Τhe legislation is designed to “harmonize” data privacy laws across Europe as well as give greater protection and rights to individuals. It will come into force on May 25, 2018. It will change how businesses and public sector organizations can handle the information of customers.

Individuals, organizations, and legal entities that are either ‘controllers’ or ‘processors’ of personal data will be covered by the GDPR.  Both personal data and sensitive personal data are covered by GDPR.

Personal data, means information that can be used to identify a person such as a name, address, IP address, e-mails etc. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.

The new regulation also gives individuals the power to get their personal data erased in some circumstances. This includes where it is no longer necessary for the purpose it was collected, if consent is withdrawn, there’s no legitimate interest, and if it was unlawfully processed.

One of the biggest elements of the GDPR is the power for regulators to fine businesses that don’t comply with it.