GDPR (General Data Protection Regulation)
A comprehensive EU data privacy law that gives individuals control over their personal data and imposes obligations on organizations processing it.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data privacy law enacted by the European Union in 2018. It gives EU residents control over their personal data and establishes strict requirements for organizations that collect, process, or store personal data.
Key Principles
- Lawfulness, Fairness, Transparency: Clear, legitimate data processing
- Purpose Limitation: Data used only for specified purposes
- Data Minimization: Collect only necessary data
- Accuracy: Keep data accurate and updated
- Storage Limitation: Retain data only as long as needed
- Integrity and Confidentiality: Ensure data security
- Accountability: Demonstrate compliance
Individual Rights
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
Organizational Requirements
- Appoint Data Protection Officer (if required)
- Conduct Data Protection Impact Assessments
- Implement appropriate technical measures
- Maintain records of processing activities
- Report breaches within 72 hours
Penalties
- Up to 20 million euros or 4% of global annual revenue, whichever is higher