Quick Refresher: What Is GDPR?

GDPR, or the General Data Protection Regulation, is a privacy and security law passed by the EU in 2016 that went into effect in 2018. The regulation governs how organizations collect, use, and secure the personal data of EU citizens or residents.

The law exists for four main reasons:

  1. Create a baseline privacy standard for processing personal data related to the people in the EU member states
  2. Reinforce users’ right to data privacy, protection, and transparency
  3. Update privacy laws in light of recent technological changes
  4. Levy non-compliance penalties against organizations to ensure adoption

Who Does GDPR Compliance Apply To?

GDPR applies to all companies controlling and/or processing EU citizens’ or residents’ personal data. Data controllers and data processors may sound alike, but they perform different tasks. More specifically:

  • Those that control the data (data controllers) collect, own, and are ultimately responsible for its protection. Controllers define the purpose of the data and associated processing activities. Governments, companies, and individuals can all control data.
  • Those that process the data (data processors) store, retrieve, manipulate, and/or transmit data following the controllers’ instructions. Automated tools and third parties can act as processors.