In December 2015, the long process of agreeing on legislation to reform the legal framework for ensuring the rights of EU residents to a private life was completed, reports DataIQ, which added that it was ratified in 2016 and became widely enforceable on May 25, 2018. According to DataIQ, the reforms consist of:
The General Data Protection Regulation (GDPR), which is designed to enable individuals to better control their personal data. It is hoped that these rules will allow businesses to make the most of the opportunities of the Digital Single Market by reducing regulation and benefiting from reinforced consumer trust.
The Data Protection Directive, which allows the police and criminal justice sectors to ensure that the data of victims, witnesses, and suspects of crimes, are duly protected in the context of a criminal investigation or a law enforcement action. At the same time, the new laws will also facilitate cross-border cooperation of police or prosecutors to combat crime and terrorism more effectively across Europe.
While GDPR was crafted in Europe, it will impact those organizations in the United States that collect personal and/or sensitive information – such as names, emails and phone numbers – and send communications to EU citizens.
Higher Logic prepared a Q&A on GDPR that you can view here