As of May 25, 2018, the General Data Protection Regulation (“GDPR”) replaced the Data Protection Directive 95/46/EC (“Directive”) and applied directly in all countries of the European Union (“EU”). The GDPR is the most important EU data protection legislation to be enacted in decades. It significantly restricts the abilities of companies to process personal data and generally provides for stricter rules as compared to existing law.
The EU data protection law applies to the processing of personal data, which is a concept that is interpreted very broadly. Other important concepts include pseudonymized data and anonymous data.