
GDPR

What does GDPR mean?

GDPR stands for the General Data Protection Regulation. It is a comprehensive data privacy law that came into force on May 25, 2018, across the European Union (EU) and European Economic Area (EEA). The regulation governs how organizations handle personal data of individuals residing in the EU and EEA, regardless of the organization’s location.

How does GDPR work?

GDPR requires organizations that collect or process personal data to do so in a transparent, secure, and accountable manner. It introduces key principles and legal bases for data processing, including:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Organizations must also respect individuals’ rights, such as the right to access, rectify, erase, and port their data, and are obligated to obtain clear consent where required. Data breaches must be reported to regulators within 72 hours.

GDPR sets a global benchmark for data privacy and has influenced many similar regulations worldwide. It empowers individuals with control over their personal information and imposes significant obligations and financial penalties on businesses that fail to comply.

Key impacts include:

  • Encouraging better data management practices
  • Reducing misuse of personal data
  • Raising public awareness of data rights
  • Imposing fines of up to €20 million or 4% of annual global turnover (whichever is higher)

FAQs about GDPR

Any organization, inside or outside the EU, that processes the personal data of individuals in the EU/EEA.

Any information that can directly or indirectly identify a person, such as names, email addresses, IP addresses, or location data.

Rights include access, rectification, erasure, restriction of processing, data portability, objection, and rights regarding automated decision-making.

Yes. GDPR, alongside the ePrivacy Directive, requires websites to obtain clear and affirmative consent before storing cookies on a user's device.

They may face regulatory investigations and fines of up to €20 million or 4% of annual global turnover, whichever is higher.