The GDPR contains rules on the protection of individuals with regard to the processing of personal data. The GDPR has been in force since May 25, 2018 and is therefore applicable to all companies that are based in Europe or offer products and/or services to customers in Europe.
However, not only companies are affected, but also organizations, authorities, associations and individuals who process personal data outside the family or private sphere.
The core of the GDPR are the principles for the processing of personal data set out in Article 5 , such as the principle of data minimization or storage limitation.