The GDPR or General Data Protection Regulation is a set of rules to better protect the data of European citizens. This new privacy law changes the national regulations of all European member states into one new privacy law.
The new law protects all data that says something about you as a person. This ranges from your name, phone number, address and place of residence to your IP address, your browsing history, your online shopping cart and what you like and share on social media. There is also such a thing as "special personal data." These are sensitive data that need extra protection, such as your religion or health.
Once you share all this data with others, special rules must be respected. Sharing data with others can of course be done in different ways.
The most important rule is that companies are not allowed to just collect and use your data. They can only do so for specific purposes that are defined by law. They may only collect data if it is effectively necessary for the provision of a good service and they must clearly indicate why they are collecting your data.
Those who use and collect data from others must also always be able to demonstrate that this is done carefully, securely and responsibly. The GDPR goes quite far in this regard, imposing quite a few obligations to ensure "careful and secure data processing." For example, a data register must always be established: a clear document that states what data is kept, where it comes from and with whom it is shared.
Companies are not allowed to just keep and process anything, let alone pass it on to partners. They should also prepare a clear privacy statement, where you can read what they collect, what they do it for, whether they pass your data on to others and how long they keep it. That privacy statement should be written in clear, simple language.
All actions that an organization can perform with personal data, from collection to destruction.
Acts that are covered according to the General Data Protection Regulation include: the collection, recording, organization, structuring, storage, updating or modification, retrieval, consultation, use, transmission, dissemination, making available, alignment, blocking, erasure and destruction of data .