Companies that collect data on citizens in European Union (EU) countries need to comply with strict new rules around protecting customer data. The General Data Protection Regulation (GDPR) sets a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to maintain compliance.
Compliance will raise some concerns and place new expectations on security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.
The difference between the "Directive" and the "Regulation" is that the Regulations are binding, enforceable, fine-tuning laws. By decision of the Cypriot Parliament, GDPR 679/2016 was officially enacted and institutionalized by the Republic of Cyprus. The Law 125(I) 2018, in Cyprus, was adopted for the purpose of effective implementation of certain provisions of the European Union Act entitled "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on free movement of such data and for the repeal of Directive 95/46/EC (General Data Protection Regulation)".
Regulation 679/2016 and the Cyprus Law 125(I) 2018 apply to any organization that collects, processes and stores personal data from EU citizens or a natural person residing in the EU or completing transactions within EU agencies.
Some of the types of data that GDPR protects are the following:
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation