The General Data Protection Regulation (GDPR) has been finalised by the European Union and will come into effect from May 2018. It replaces all data protection legislation in European Union (EU) member states such as the Data Protection Act 1998 (DPA) in the UK.
The GDPR includes new and improved privacy rights for individuals within the EU, such as “the right to be forgotten”. The new obligations relate to the collection, use and transfer of consumers’ personal data. The official interpretation of Personal Data is “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, and posts on social networking websites, medical information, or a computer’s IP address.”