The European General Data Protection Regulation (EU-GDPR or GDPR) is a European Union regulation which controls the processing, storage and transmission of personal data, for both digital and paper. The GDPR applies to both private companies and the public sector.
The goal of the GDPR is the express protection of individuals’ personal data. Through the regulation, they receive transparency and more control over the processing of their data by companies and institutions. In addition, the GDPR standardizes the previously different regulations in European member states and ensures the free flow of data within the single European market.
The data of people in the EU are protected, and so the GDPR also applies to companies outside of Europe which process the data of citizens of the EU. The EU-GDPR went into effect on May 25, 2018. A significant difference from the previous regulations of the German Federal Data Protection Law (BDSG) is the increased sanctioning of data protection violations. According to Article 83, paragraph (5), in certain cases the amount of fines is now set to up to 20 million Euro or up to four percent of the global annual turnover. In comparison, the German BDSG previously set a maximum fine of 300,000 Euro.