persondataforordning

Persondataforordningen, often referred to in English as the General Data Protection Regulation (GDPR), is the European Union regulation that governs how personal data may be collected, stored, used, and shared. It was adopted in 2016 and became enforceable on 25 May 2018, replacing the earlier Data Protection Directive. The regulation applies to the processing of personal data of individuals in the EU, and it also applies to organizations outside the EU that offer goods or services to, or monitor the behavior of, people inside the EU. In Denmark it is commonly called Persondataforordningen and is implemented together with national data protection legislation.

The GDPR establishes core processing principles and rights for data subjects. Key principles include lawfulness, fairness

Processing must have a lawful basis, such as consent, a contract, a legal obligation, vital interests, public

Transfers of personal data to third countries require adequacy decisions or appropriate safeguards, such as standard