On May 25, 2018, the new EU Data Protection Regulation came into force. The regulation is called General Data Protection Regulation and is usually abbreviated GDPR. The GDPR, which replaces the former Personal Data Act (PuL), has as its primary task to Strengthen the rights of individuals and thereby impose stricter and new requirements regarding handling personal data. The GDPR rules that the person processing personal data must have control over, and be able to explain what personal data is processed, how the data is collected and stored and
why the treatment is taking place, and that there is a legal basis for the treatment. In practice, GDPR means that people who are in a company’s register have the right to access to their tasks and if desired they get deleted or moved. Data Protection Regulation applies throughout the EU in order to create a uniform and equal level of protection of personal data.
What is “personal data”?
A personal data is any kind of information that can be directly or indirectly attributed to a physical person person who is alive. This may include names, addresses and social security numbers, though images and various types of electronic identities (eg IP numbers) are also counted personal data in case they can be linked to natural persons. Processing of personal data is any action performed with the data, regardless of whether it is is performed manually or automatically. Some examples of the processing of personal data are collection, registration, organization, structuring, storage, modification, transfer and deletion.