The General Data Privacy Regulation (GDPR) is an EU regulation pertaining to the rights of EU nationals to their personal data, namely the right to locate and "be forgotten". Some traceability data collected as part of the technical information and Basic Universal List could be subject to GDPR. If companies and solution providers are keeping information for both compliance in the EU and the US (e.g. SIMP), there may be concern that their data warehousing may require additional functionality to accommodate GDPR. To ease implementation of GDST 1.0, GDST's recommendation on being GDPR compliant is that no personally identifying data is collected, but rather organizational information. When possible, non-personally identifying contact information should be used in Location master data. This information can be used for SIMP compliance while not requiring companies to treat traceability data as subject to GDPR.

An example of of non-personally identifying contact information:
Name: Farm Manager
Telephone: +1 800 123-4567

Edit on GitHub