What is the General Data Protection Regulation (GDPR)?
Overview
The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU. GDPR replaces the Data Protection Act of 1998 and aims to simplify the regulatory environment by unifying regulation within the EU.
GDPR imposes regulations on organizations that engage with individuals in the EU, expanding the rights of individuals with respect to the processing of their personal data and mandating security measures for that processing.
GDPR applies to any organization that conducts business with citizens of the European Union and European Economic Area (EEA), providing two key areas for compliance.
Information
GDPR sets out the rights of the Data Subject with respect to the processing of personal data. It requires transparency, and it requires security measures to be in place that are proportionate to the risk involved in processing the data.
Visit www.eugdpr.org for more information.
Consent
Obtaining consent provides greater rights and controls for individuals in the EU as to how their personal data is obtained and used.
Accountability
Organizations face greater accountability and a need for transparency in order to demonstrate their compliance with GDPR.
Definitions
Data Subjects: a person whose data is held
Data Controllers: properties that use RMS software
Data Processors: RMS (company)
Personal Information (Data): any information that relates to a natural person (Data Subject) that can directly or indirectly identify that person. This may include name, location, an online indicator, or any factors specific to the person, including anything physical, psychological, and any cultural or social identity reference.