The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU. GDPR replaces the Data Protection Act of 1998 and aims to simplify the regulatory environment by unifying regulation within the EU.
GDPR imposes regulations for organisations who engage with individuals in the EU, expanding the rights of individuals with respect to the processing of their personal data and mandates security measures surrounding this.
GDPR applies to any organisation that conducts business with citizens of the European Union and European Economic Area (EA), providing two key areas for compliance.
Obtaining consent providing greater rights and controls for individuals in the EU as to how their personal data is obtained and used.
Greater accountability and the need for transparency across all organisations to demonstrate their compliance with GDPR.
Data Subjects: a person whose data is held
Data Controllers: properties that use RMS software
Data Processors: RMS (company)
Personal Information (Data): any information that relates to a natural person (Data Subject) that can directly or indirectly identify that person. This may include name, location, an online indicator or any factors specific to the person including anything physical, psychological, and any cultural or social identity reference.