GDPR

The General Data Protection Regulation (GDPR) is an EU regulation aimed at protecting personal data and harmonizing data privacy laws across member states. Regulation (EU) 2016/679, implemented on 25 May 2018, replaces the Data Protection Directive 95/46/EC and enhances individuals' control over their information.

Scope and roles: GDPR applies to processing of personal data of individuals in the EU by data controllers and processors, regardless of where processing occurs. It also applies to organizations outside the EU offering goods or services to, or monitoring the behavior of, people in the EU. The main actors are the data controller and the processor; a Data Protection Officer is required in some cases.

Principles and lawful bases: Processing must follow the principles of lawfulness, fairness, transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity, confidentiality, and accountability. Lawful bases include consent, contract performance, legal obligation, vital interests, public task, or legitimate interests.

Rights of individuals: GDPR grants rights including access to data, rectification, erasure (right to be forgotten), restriction of processing, data portability, and objections to processing, including to automated decision-making and profiling. Rights are subject to certain exceptions, and consent can be withdrawn.

Security, breach notification, and penalties: Organizations must implement appropriate technical and organizational measures. Data breaches must be reported to the supervisory authority within 72 hours and, when there is high risk, to affected individuals. Fines can reach up to 20 million euros or 4% of global annual turnover, whichever is higher.

Transfers and enforcement: Transfers of personal data to third countries require an adequacy decision or safeguards such as Standard Contractual Clauses. GDPR is enforced by independent supervisory authorities in each member state, coordinated by the European Data Protection Board.

Household exemption and impact: The regulation does not apply to personal data processed by individuals for purely personal or household activities.