GDPR
The European Union's comprehensive data protection regulation that sets strict rules for how organizations collect, store, and process personal data.
Also known as: General Data Protection Regulation, EU Data Protection Regulation, European Privacy Law
Category: Principles
Tags: privacy, regulations, data-protection, compliance, european-union, laws
Explanation
The General Data Protection Regulation (GDPR) is a comprehensive privacy law enacted by the European Union in 2018 that governs how organizations worldwide must handle the personal data of EU residents. It represents the most significant change to data privacy regulation in decades and has become a global benchmark for privacy legislation.
Key principles of GDPR:
1) Lawfulness, fairness, and transparency - data must be processed legally and openly
2) Purpose limitation - data collected for specific, explicit purposes only
3) Data minimization - collect only what's necessary
4) Accuracy - keep data correct and up to date
5) Storage limitation - don't keep data longer than needed
6) Integrity and confidentiality - protect data with appropriate security
7) Accountability - organizations must demonstrate compliance
Individual rights under GDPR include: the right to access your data, the right to rectification, the right to erasure (right to be forgotten), the right to data portability, and the right to object to processing.
Organizations must: obtain valid consent before processing personal data, appoint Data Protection Officers where required, report data breaches within 72 hours, and conduct Data Protection Impact Assessments for high-risk processing.
Non-compliance can result in fines up to 20 million euros or 4% of global annual turnover, whichever is higher. GDPR applies to any organization processing EU residents' data, regardless of where the organization is located.
The regulation has influenced privacy laws worldwide, including California's CCPA, Brazil's LGPD, and similar legislation across many countries.
Related Concepts
← Back to all concepts