General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a strict set of data privacy laws for businesses that collect data on EU citizens. Under GDPR, businesses are responsible for safeguarding numerous types of personal information, including the customer's IP address, cookie data, home address, and Social Security number.
Frequently asked questions
What are the 7 basic principles of GDPR?
The 7 basic principles of GDPR are:
- Lawfulness, fairness, and transparency
- Purpose limitations
- Data minimization
- Storage limitation
- Integrity and confidentiality
What data types are covered by GDPR?
GDPR is designed to safeguard the data of EU citizens. As a result, the regulation covers data types including:
- Personally identifiable information (PII), such as names, addresses, contact numbers, or email addresses of users visiting the website
- Other personal information, such as political opinions, ethnic origins, sexual orientation, and religious ideologies
- Health data, such as the patient’s genetic history, name, test results, emails, and audio recordings or physician notes about a patient
- Biometric data, such as fingerprints, facial patterns, voice, or typing cadence of users
- Web data, such as IP addresses, browsing activity, names, emails, and credit card information
Does GDPR apply to the US?
According to Article 3, GDPR applies to any company — regardless of location — that collects, stores, or handles the data of EU citizens.