In just a few short months, the European Union’s General Data Protection Regulation (GDPR) will take effect. The regulation, which replaces the EU’s 20-year-old Data Protection Directive, imposes new and more rigorous requirements on any entity that collects or maintains personal consumer data, including entities located outside of the EU. In this article, we’ll provide some background on the origins of the GDPR and summarize the key aspects of the regulation.

What is the General Data Protection Regulation?

The GDPR (officially referenced as Regulation (EU) 2016/679) was originally developed to strengthen and harmonize the safeguards around personal data implemented as a result of the EU’s Data Protection Directive (95/46/EC). The GDPR imposes strict regulations on what it terms “data processors” or “data controllers,” that is, any entity that collects, handles, or analyzes personal data. The overall intent of the regulation is to provide consumers and private parties with greater control over how their personal data is maintained and used. 

 …