Content deleted Content added
No edit summary |
Underscore to hyphen |
||
Line 35:
=== Scope ===
The regulation applies if the data controller (organization that collects data from EU residents) or processor (organization that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU. Furthermore the Regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents. According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."<ref>[http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en European Commission’s press release announcing the proposed comprehensive reform of data protection rules]. 25 January 2012. Retrieved 3 January 2013.</ref>
The regulation does not purport to apply to the processing of personal data for national security activities or law enforcement within the European Union; however, industry groups concerned about facing a potential conflict of laws have questioned whether Article 48 of the GDPR -which states that any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third (
=== Single set of rules and one-stop shop ===
| |||