Computer Law - General data protection regulation

  General Data Protection Regulation (GDPR) is a law that obligates companies to protect the personal data or privacy of every European Union (EU) citizen. Every business that collects data on their clients in the EU has to be aware of strict laws about assuring it. This law has replaced outdated data protection law in April 2016 and has pretty big requirements that need a lot of investments by the firms. General Data Protection Regulation wants to prevent data breaches such as identity information (passports etc.) and users' passwords. GDPR protects various types of data such as racial or ethnic data, web data, sexual orientation, health plus genetic data, or biometric data. 

Criteria which businesses need to comply with this law are: 

- Location in the EU

- If they are not in the EU but processing EU citizens data

- Have more than 250 employees

- Less than 250 employees but processing data subjects. (Nadeau, 2020)

Reference list: 

Nadeau, M., 2020. What Is The GDPR, Its Requirements And Facts?. [online] CSO Online. Available at: <https://www.csoonline.com/article/3202771/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html> [Accessed 11 December 2020].