1. All 99 articles separated in chapters - General Data Protection Regulation (GDPR) – Final text neatly arranged
2. Who?
2.1. European Parliament
2.2. Council of the European Union
2.3. European Commission
3. About
3.1. Proposed and created in EU headquarters
3.2. Proposed on 25 January 2012
3.3. Created on 27 April 2016
3.4. Implementation on 25 May 2018
4. What?
4.1. Public sector data handling
4.2. Data protection
4.2.1. Sexual orientation
4.2.2. Political opinions
4.2.3. Basic identity information
4.2.3.1. IP address
4.2.3.2. Name
4.2.3.3. Home address
4.2.4. Web data
4.2.5. Health and genetic data
4.2.6. Biometric data
4.2.7. Racial or ethnic data
4.2.8. By Default
4.2.8.1. Data owner, not the cloud services, holds the decryption keys
4.2.8.2. Encryption and decryption operations must be carried out locally, not by remote services
4.3. Business data handling
4.4. Records of processing activities
4.5. New framework of data protection laws
4.6. Sanctions
4.7. Pseudonymisation
4.7.1. Transforms personal data
4.8. Data subject rights
4.8.1. Data portability
4.8.2. Data breaches
4.8.2.1. Notify inviduals
4.8.2.2. Notify the controller
4.8.3. Access
4.8.4. To be forgotten
4.8.5. Privacy by design
4.8.6. Data protection officers
5. Preparation
5.1. GDPR has varying impact on businesses and organisations
5.2. 12-step guide is available here - https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
5.3. Steps include making senior business leaders aware of the regulation, updating procedures and preparations for data breach
6. Why?
6.1. Outdated old regulations(1995)
6.2. Improving technologies and need of more control
6.3. Regulate the exportation of personal data outside the EU
6.4. To change the way companies approach data
6.4.1. Quicker response to data leaks
6.4.2. Data privacy officer position
6.4.3. Make data portable
6.4.4. Encrypt sensitive data
6.5. Secures every EU citizen
7. Impact on
7.1. Every company, but especially on companies of 250< employees
7.1.1. Company must have 2 positions - data controller and processor
7.1.1.1. Processor - person or group that processes data on behalf of controller
7.1.1.2. Controller - entity that decides the purpose and manner that personal data is used
7.1.2. If businesses don't comply with new regulations, fines are up to 20 million dollars or 4 percent of a firm's global turnover
7.2. The relationship between customer and company
7.2.1. Individuals have a lot more power to access(and edit) the information that's held about them FREELY