Regulation (EU) 2016/679 of the European Parliament and of the Council1, which is the new General Data Protection Regulation (GDPR) of the European Union (EU), lays down the rules relating to the processing by a person, company or organisation of personal data relating to people in the EU.
It does not apply to the processing of personal data of deceased persons or of legal persons.
The rules do not apply to the processing of data for exclusively personal reasons or for household activities, provided that there is no connection with a professional or commercial activity. When a person uses personal data outside their "personal sphere," for example for the exercise of socio-cultural or financial activities, data protection legislation must be respected.
Reference
- Articles 1 and 2 and recitals 1, 2, 14, 18, and 27 of the GDPR
1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).
Learn more at this link: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_pt [source].
