GDPR in a nutshell

GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are. Entities that store and/or process personal information about EU citizens must clearly explain to the citizens what data is being stored and processed, and any parties the data is being shared with. The citizens must opt-in and agree to each instance or reason that their data is being stored and processed. The citizens also must be able to, at any time, request a copy of the data or request that it be deleted.

How does GDPR define "personal data"

As "any information relating to an identified or identifiable natural person."

When do GDPR regulations start being enforced?

May 25, 2018.

What are the key roles organizations need to be aware of as it relates to handling data under GDPR regulations?

Two primary roles:

Controller

An entity that determines the purposes, conditions and means of the processing of personal data

Processor

An entity which processes personal data on behalf of the controller

What are the GDPR lawful basis for processing data?

• Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

• Contract

• Legal obligation

• Vital interests

• Public task

• Legitimate interests

Are there any good step-by-step guides to GDPR compliance?

This site lays things out at a high level with a 12-step program, if you will.

How can I learn more about GDPR?

This http://gdprandyou.ie/ site is a great GDPR primer, and this PDF from Imperva is good as well. I also googled GDPR for dummies and found some good results too :-)