In 2016, the European Parliament adopted the Regulation EU 2016/679, known as the GDPR, in order to protect the rights and freedoms of natural persons relative to the personal data processing. The European Regulation provides requirements and obligations for the trading companies and the public authorities that process data belonging to the European Union citizens.
GDPR is applied to all the companies in the European Union which process personal data, and also to the companies outside the Union which offer goods and services or which monitor the behaviour of the natural persons in the European Union.
The European Union citizens have the right to be kept informed, to have access, to be forgotten (to request the data deletion), to request the restriction of the processing, and to not be the subject of a decision based exclusively on the automatic processing and profile creation.
The companies must provide evidence that they obtained the consent of the persons concerned to process their personal data, either by a written document signed by the person concerned, or by an unequivocal action which proves their consent. The companies are compelled to implement the necessary technical and organizational measures, such as PSEUDONYMISATION, the obligation to keep track of the processing activities, and to immediately inform the Supervision Autority about any security breach.