We will be doing a number of posts on the European Union’s General Data Protection Regulation (“GDPR”) as it will be taking effect in May of 2018. Unlike its predecessor the GDPR is not a directive, but a regulation, meaning that all EU member countries have to comply with its explicit terms (unlike a directive which they are to incorporate into their domestic law). The GDPR applies to a lot of data, but only that which is “personal data” defined as “any information relating to an identified or indentifiable natural person (‘data subject’)”.
One of the important new aspects of the GDPR versus any European predecessor is that it defines the term “personal data breach”, and sets forth notification requirements to both the jurisdiction and the individuals that were/could be affected by the breach. Read more