What is GDPR?
The GDPR is a law designed to protect EU citizens from illegal, unreliable and inconsistent processing and use of personal data.
The legislation applies to companies that process data for citizens of the European Union (EU) and the European Economic Area (EEA/EØS), which process personal data. The regulations give businesses a number of duties in addition to give the user a number of rights.
Data processing must be based on a valid treatment basis, such as active consent where the purpose of the treatment is clear and relevant. Companies also have a requirement to incorporate privacy by design and be transparent about how they process data. They also must facilitate all user rights, as well as create and maintain a range of actions to protect privacy and document.