How to implement the control:
More information about GDPR can be found [here](https://eugdpr.org/ "EU GDPR"). Risk Ledger recommends [CyberSmart](https://cybersmart.co.uk/ "CyberSmart") as a useful tool for helping you to comply with GDPR.
Scoping question. Answer yes if your organisation collects personal data of data subjects residing in the European Union as defined by GDPR, other than the personal data of your own employees.
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based.
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified through reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier.