This is a data protection law that was introduced by the EU (European Union) to give individuals more control over how their personal information is collected, stored and used by companies. GDPR sets out clear rules for businesses and public bodies on handling personal information responsibly, securely and transparently.
Under GDPR, companies must ensure that PII is only collected for legitimate purposes, kept securely and not stored for longer than necessary. Individuals are also given a variety of rights, including the right to access their data, request corrections, ask for information to be deleted in certain circumstances and understand how their data is being used.
The regulation applies to any organisation that processes the personal data of people within the EU and UK, regardless of where the organisation itself is based.