General Data Protection Regulation
Global Data Protection Regulation (GDPR) is a piece of legislation collaboratively drafted for the data protection of the citizens of the European Union. The regulation is also an update of UK Data Protection Act 1998 (DPA).[1]
The GDPR places specific legal obligations on 'processors' and 'controllers', those who acts as intermediaries between the user/consumer and themselves, the government or any other actor. The controller determines how and why data is processed and processors act on the controller's behalf. Processors maintain data records and are held responsible in case of a breach.
With the update on existing legislation, the GDPR is more precise and inclusive of what constitutes private information than its predecessor. Personal data, that is anything that can identify a user, including an IP address is included, as well as 'sensitive personal data' which may include genetic and biomedical data.