GDPR – data protection regulations approved in an European Parliament and came into force in May 2018. It replaces the European Directive EC/95/46 in favor of data protection. There is no need in further legislation and the regulations apply directly on countries, organizations and individuals. Non-compliance with e regulations may lead to two types of fines (depending on type of the violation and the set of considerations): 1. 10 Million Euros or 2% of revenue, the highest of the two. And 2. 20 Million Euros or 4% of revenue, the highest of the two.
The regulations apply on every type of personal information that identifies or can identify through a private person (Natural Person), directly or indirectly. That is, the regulations do not protect the data of the companies/organizations and people who are no more among livings.
The regulations apply on organizations within the EU but not only. They apply also on organizations placed outside the Union while they: 1. Offer compensations or services, payed or not, to the data subjects in the Union. 2. Monitor the behavior of the data subjects in the Union.
The regulations define new data subjects’ rights, including amongst others, the “right to be forgotten”, “the right to access by the data subject”, “right to rectification”, “right to restriction of processing” etc.