The Regulation applies if the controller (an organization that collects data from EU residents) or the processor (an organization that processes data on behalf of the controller, for example example cloud service providers) or the data subject (person) is based in the EU. Furthermore, the regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents. According to the European Commission "personal data is any information relating to an individual, whether relating to his private, professional or public life. It can be anything from a name, a home address, a photo, an e-mail address emails, bank details details, posts on social networking websites, medical information or a computer's IP address Say no to plagiarism Get a tailor-made essay on "Why violent video games should not be banned" Get an original essay The rules does not purport to apply to the processing of personal data for national security or law enforcement activities within the European Union, however, industry groups concerned about addressing a potential conflict of laws have questioned whether Article 48 of the GDPR may be invoked to try to prevent a data controller who is subject to; the laws of a third country from complying with a lawful order of the police, judicial or national security authorities of that country from disclosing to those authorities the personal data of an EU person, regardless of whether the data resides inside or outside the EU. Article 48 provides that any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring the controller or processor to transfer or disclose personal data may be recognized or otherwise enforceable only if based on an international agreement, such as a mutual legal assistance treaty in force between the requesting third country (non-EU) and the Union or a Member State. The data protection reform package also includes a separate data protection directive for the police and criminal justice sector which provides for rules on personal data protection data exchanges at national, European and international levels. The GDPR is a regulation that intends to strengthen and unify data protection for all individuals within the European Union and this is done by the European Parliament, the Council of the European Union and the European Commission. It concerns the export of personal data outside the EU. Data helps companies differentiate themselves and therefore represents a competitive advantage. But concerns have grown about how companies use consumer data for marketing, as current regulations offer them no control. Therefore, the GDPR was born with more rigorous and prescriptive compliance challenges, supported by fines of up to 4% of a company's annual global revenue. Other stringent rules include those related to reporting data breaches, the mandatory appointment of a data protection officer, and citizens' right to be forgotten in the digital realm, among others. Please note: this is just an example. Get a custom paper from our expert writers now. Get custom essay The GDPR (General Data Protection Regulation) aims to give citizens and residents back control over their personal data and to simplify the regulatory environment for international businesses by unifying reflection with the EU. This regulation was adopted by the European Parliament on 27 April 2016. The GDPR specifies how data should be used and protected.