At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy. The reforms are designed to reflect the world we’re living in now, and brings laws and obligations – including those around personal data, privacy and consent – across Europe up to speed for the internet-connected age. Fundamentally, almost every aspect of our lives revolves around data. From social media companies, to banks, retailers, and governments – almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more all collected, analyzed and, perhaps most importantly, stored by organizations.

Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of malicious people who were never intended to see it. Under the terms of GDPR, not only do organizations have to guarantee that personal data is gathered rightfully and under severe conditions, but those who collect and manage it are obliged to protect it from misappropriation and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability