General Data Protection Regulation: Difference between revisions

The regulation applies if the data controller (an organisation that collects information about living people, whether they are in the EU or not), or processor (an organisation that processes data on behalf of a data controller like cloud service providers), or the data subject (person) is based in the EU. Under certain circumstances,<ref>'''Article 3(2)''': This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

 

According to the [[European Commission]], "Personal data is information that relates to an identified or identifiable individual. If you cannot directly identify an individual from that information, then you need to consider whether the individual is still identifiable. You should take into account the information you are processing together with all the means reasonably likely to be used by either you or any other person to identify that individual."<ref>{{Cite web|url=https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/|title=What is personal data?|date=January 2021|access-date=22 July 2019|archive-date=24 July 2019|archive-url=https://web.archive.org/web/20190724112940/https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/|url-status=live}}</ref> The precise definitions of terms such as "personal data", "processing", "data subject", "controller", and "processor" are stated in '''Article 4'''.<ref name="32016R0679"/>{{rp|Art. 4}}