The General Data Protection Regulation (GDPR), which was enacted in May 2018, is a legal framework that standardizes the collection, processing and storage of personal information from individuals who live in the European Union (EU). GDPR applies to any company that markets products or services to EU residents, regardless of where it is based. Stiff penalties have been enforced on companies for non-compliance.
The regulation stipulates how companies must act to ensure the protection of personal data including requesting consent, deletion upon request, data breach notification and secure cross-border transfer of user data.
Image courtesy of freepik