EU's General Data Protection Regulation (GDPR)
As records become increasingly digitized, many institutions hold highly sensitive personal information on their students, employees, and other individuals in digital form. As such, the need to protect data and privacy rights of individual is pressing. The GDPR
was introduced to specify how consumer data of citizens in the EU should be used and protected.
The GDPR applies to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR also applies to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. This regulation replaces Directive 95/46/EC