GDPR

The General Data Protection Regulation is the EU's comprehensive data protection law that governs how organizations collect, process, store, and protect personal data of EU residents.

Also known as: General Data Protection Regulation, EU Privacy Law

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union in 2018. It establishes strict rules for how organizations collect, process, and protect personal data of individuals in the EU, regardless of where the organization is located.

Key Principles

  1. Lawfulness, fairness, transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability

Individual Rights

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making

Key Requirements

Lawful Basis: Must have legal grounds for processing (consent, contract, legal obligation, vital interests, public task, legitimate interests).

Data Protection Officer: Required for certain organizations.

Breach Notification: Personal data breaches must be reported within 72 hours.

Privacy by Design: Build privacy into systems from the start.

Penalties

  • Up to €20 million or 4% of global annual revenue, whichever is higher