General Data Protection Regulation or GDPR is an EU regulation coming into force on the 25th of May 2018. It establishes a new legal framework for processing personal data, replacing the Data Protection Directive. GDPR is directly applicable in all Member States of the European Union.

GDPR increases accountability of organisations with regard to processing and controlling personal data. It establishes mechanism that give individuals full ownership of how businesses handle their data. 

The new legal framework has a broad scope. It is applicable to organisations that process, control, store or collect personally identifiable information. In practice, this means that it is applicable to businesses within the EU and to non-EU businesses that offer goods and services to EU citizens, irrespective of size, industry sector or clients.

This information is provided for guidance and cannot be classified as official legal advice. For official direction related to your obligations under GDPR, please speak to your legal counsel.