Vol. 1 · Ed. 2026
CyberGlossary
Entry № 491

GDPR

Reviewed by Cybersecurity entrepreneur & security researcher

What is GDPR?

GDPR: The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.


The General Data Protection Regulation (Regulation (EU) 2016/679) is the European Union's comprehensive data-protection law, in force since 25 May 2018. It applies to any organization processing personal data of individuals in the EU or EEA, regardless of where the organization is based, and codifies principles such as lawfulness, purpose limitation, data minimization, and accountability. GDPR grants data subjects rights including access, rectification, erasure, portability, and objection, and requires controllers to perform Data Protection Impact Assessments for high-risk processing. Supervisory authorities can impose administrative fines of up to 4% of global annual turnover or €20 million, whichever is higher.

Examples

  1. A U.S. e-commerce site offering goods to EU consumers must publish a GDPR-compliant privacy notice.

  2. A French employer responds to an employee's right-of-access request within one month.

Frequently asked questions

What is GDPR?

The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA. It belongs to the Compliance & Frameworks category of cybersecurity.

What does GDPR mean?

The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.

How do you defend against GDPR?

Defences for GDPR typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for GDPR?

Common alternative names include: General Data Protection Regulation, Regulation (EU) 2016/679.
