diff --git a/Legal/GDPR b/Legal/GDPR deleted file mode 100644 index 3065f6b..0000000 --- a/Legal/GDPR +++ /dev/null @@ -1 +0,0 @@ -# GDPR diff --git a/Legal/GDPR.md b/Legal/GDPR.md new file mode 100644 index 0000000..bb0ff48 --- /dev/null +++ b/Legal/GDPR.md @@ -0,0 +1,16 @@ +# GDPR + +* All personal data or data which can be used to identify a person +* Collection must be for specific use case(s) +* Needs to be accurate (updated) +* Data mustn't be stored longer than necessary OR for archiving, or statistical purposes. +* User must be allowed to request deletion (store datetime for interval analysis) +* Data must be optional unless absolutely required (e.g. HR data, customer info for invoice etc.). All other data requires approval by holder. +* Must be at least 16 years old +* Inform breach after 72 hours + +## Processing + +* Consent must be given by person (this consent needs to be able to demonstrate). Therefore it must be a activation checkbox and not a deactivation checkbox. +* Must be necessary for the contract (e.g. writing invoice etc.) +* User may request what data is stored
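Review bot: The first hunk deletes the extensionless `Legal/GDPR` (which held only `# GDPR`) while the second hunk creates `Legal/GDPR.md`; git has not paired the two as a rename because the content differs, so any link or index entry that points at `Legal/GDPR` will break. Check for references to the old path before merging, or split the rename and the content change into two commits so the file history stays followable.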
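Review bot: In the second hunk, `+* Inform breach after 72 hours` states the deadline backwards: GDPR Article 33 requires notifying the supervisory authority within 72 hours of becoming aware of a breach, so this should read "Inform of breach within 72 hours of discovery". Two more lines in the same hunk are ambiguous: `+* Data mustn't be stored longer than necessary OR for archiving, or statistical purposes.` reads as if archiving were an exception to the whole rule rather than a permitted reason to retain longer (suggest "not longer than necessary for its purpose; longer retention only for archiving, research or statistical purposes"), and `+* Consent must be given by person (this consent needs to be able to demonstrate).` should say the controller must be able to demonstrate that consent was given, which is the reason an opt-in (unticked) checkbox is required and a pre-ticked one is not. The `Must be at least 16 years old` bullet also lacks its scope: it concerns a child's own consent to online services (Article 8), and member states may lower the threshold to 13, so documentation should state the age applicable in the relevant jurisdiction.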