Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
The GDPR strengthens existing rights, provides for new rights and gives citizens more control over their personal data. These include easier access to their data — including providing more information on how that data is processed and ensuring that that information is available in a clear and understandable way; a newright to data portability — making it easier to transmit personal data between service providers; a clearer right to erasure (‘right to be forgotten’) — when an individual no longer wants their data processed and there is no legitimate reason to keep it, the data will be deleted; right to know when their personal data has been hacked — companies and organisations will have to inform individuals promptly of serious data breaches. They will also have to notify the relevant data protection supervisory authority.