EU General Data Protection Regulation: A Gentle Introduction
This is an incremental introduction to existing regulations, addressing privacy protection for EU/EEA citizens and businesses.
The paper introduces the EU General Data Protection Regulation (GDPR), which tackles the problem of safeguarding personal data privacy for EU/EEA citizens by unifying disparate privacy regulations, aiming to give citizens more control and simplify business compliance.
The GDPR, or the Datenschutz-Grundverordnung (DSGVO) in German, is an EU law that addresses safeguarding the privacy of the personal data of citizens of the EU and EEA. It also specifies how the collected data might be transported out of the EU/EEA. It is the first genuine effort to unify the plethora of disparate privacy regulations put forward by different regulatory bodies. The GDPR aims not only to give citizens more control over their personal data, but also to make conformance easier for businesses by defining unified guidelines. It also presses businesses, especially those dealing with sensitive personal data, to build their information systems in a way that conforms with Privacy by Design. These regulations aim to ensure more transparent handling and processing of personal data, and to create an environment of trust and awareness on both sides, i.e., the data owner as well as the controllers/processors.