General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a data privacy and security law passed by the European union (EU) on May 25, 2018.

Attention: Nothing in this product or its documentation is considered legal guidance or direction. IBM does not provide legal advice. IBM recommends that customers and clients consult with the appropriate legal counsel as necessary.

Does GDPR apply to your organization?

GDPR regulates how organizations around the world handle sensitive data related to citizens or residents of the EU. Even if a business is located outside the EU, the rules of GDPR can apply if the business controls or processes data that’s related to people in the EU.

What data does GDPR involve?

GDPR protects sensitive personal data, including pseudonymous data, that can be used to identify a person. Some examples of sensitive data include:
  • names and email addresses
  • location information
  • gender and ethnicity
  • religious and political beliefs
  • biometric data

What are GDPR’s data protection principles?

GDPR outlines several protection and accountability principles, which includes but is not limited to data and storage minimization, accuracy, confidentiality, lawfulness, and fairness.

To learn more, see https://gdpr.eu/