To protect personal rights in the digital space, both against abuse and against ever increasing cybercrime, the EU decided to revise its existing data protection laws and create a unified framework by which every data processor should abide. The main purpose of the GDPR is to strengthen and unify data protection for all individuals within the European Union (EU). This paper discusses key obligations brought up by GDPR and how to handle incidents:

• Personally identifiable information (PII)
• Jurisdiction
• Penalties
• Consent
• Data subject rights
• And more