The GDPR requires organizations to protect personal data in all its forms.

It also changes the rules of consent and strengthens people’s privacy rights.

• Any organization (companies, charities, even micro-enterprises) that handles the personal information of EU citizens or residents is subject to the GDPR.
• That includes organizations not in the EU but that offer goods or services to people there.

If a company collects, stores, or uses the data of people in the EU, then the GDPR applies to them.

• That means they may have an obligation to change the way they operates in some fundamental ways.

The GDPR Article 5 principles relate to lawfulness, fairness, and transparency.

This means someones data can only be used if it is allowed under one of six legal justifications, it must be fair to the data subject, and it must be based on transparent and unambiguous communication with the data subject.

GDPR Article 6 covers six lawful bases to allow **processing, collecting, storing and using of someones data.

https://gdpr.eu/email-encryption/