What is GDPR?
GDPR is Regulation (EU) 2016/679 on Personal Data Protection, which applies directly in all EU/EEA countries as of 25 May 2018. For businesses, that means many new rules designed to ensure the protection of individuals’ personal data.
Under GDPR, the personal data of any employee, client or business partner must be processed on a legal ground specified in the GDPR, for a specific purpose and for a fixed period of time, and it is your responsibility to prove that you have informed the data subjects of all their rights and given them a free choice where necessary. There are additional requirements if you process “sensitive personal data” (e.g. racial or ethnic origin, political and religious beliefs, trade union membership, genetic and biometric data, health status, etc.).
Who will monitor compliance?
Local Data Protection Authorities in EU countries will monitor your GDPR compliance if you process personal data of EU citizens. Besides the Commission, there are also controlling bodies at the European level.