The GDPR (General Data Protection Regulation), deals with the management and security of personal data of European citizens. From 25 May 2018, these rules will come into force in all European countries!
The GDPR applies not only to organisations in the European Union, but to all organisations processing personal data of persons residing in the European Union, regardless of where the organisation is located.
Personal data is a piece of information about a person (the person concerned), on the basis of which it is possible to identify that person directly, albeit in combination with other retained data. Examples are: a name, an address, contact details, a number plate, correspondence with a person, an IP address, ... even information relating to a person's professional life are considered 'personal data'. The notion is therefore quite broad.