On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will come into effect.
Regardless of a company’s location, the GDPR will apply to all organizations that offer goods or services to, or monitor the behaviour of, individuals within the European Union and the European Economic Area.
Any information related to a natural person or ‘Data Subject,’ that can be used to directly or indirectly identify a person is within the scope of the GDPR. This can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
It is recommended that businesses review their policies, terms, conditions, and data collection processes.