The GDPR is Europe’s new framework for data protection laws. It replaces the previous 1995 data protection directive. Previous law was based upon this directive.\
The EU\’s GDPR website says the legislation is designed to “harmonise” data privacy laws across Europe as well as give greater protection and rights to individuals. Within the GDPR there are large changes for the public as well as businesses and bodies that handle personal information, which we’ll explain in more detail later.
After more than four years of discussion and negotiation, GDPR was adopted by both the European Parliament and the European Council in April 2016. The underpinning regulation and directive were published at the end of that month.
After publication of GDPR in the EU Official Journal in May 2016, it cam into force on May 25, 2018. The two year preparation period has given businesses and public bodies covered by the regulation to prepare for the changes.
Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address… you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.
The definitions are largely the same as those that were previously included in data protection laws. Where GDPR differentiates from current data protection laws is that pseudonymised personal data can fall under the law, if it’s possible that a person could be identified by a pseudonym.
For detailed articles on GDPR click https://ec.europa.eu/info/law/law-topic/data-protection_en