Overview

Info

The General Data Protection Regulation (GDPR) is a data privacy law enacted by the European Union that came into effect on May 25, 2018. It governs how organizations collect, use, and protect personal data of EU residents.

GDPR has global reach—it applies to any organization that processes EU personal data, regardless of where that organization is located.

Key Objectives

  • Strengthen and unify data protection rights for individuals in the EU
  • Increase accountability and transparency in data processing
  • Harmonize data protection laws across EU member states
  • Empower individuals with greater control over their personal data

Core Principles

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality (security)
  7. Accountability

Data Subject Rights

Note

GDPR grants individuals specific rights over their personal data:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (the “right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making and profiling

Key Requirements

  • Obtain valid consent for data collection and use
  • Provide clear and accessible privacy notices
  • Implement appropriate technical and organizational safeguards
  • Maintain detailed records of processing activities
  • Notify authorities and individuals of data breaches within 72 hours
  • Appoint a Data Protection Officer (DPO) when required

Applicability

  • Applies to any organization (inside or outside the EU) that offers goods or services to, or monitors the behavior of, EU residents
  • Includes controllers (who determine the purposes and means of processing) and processors (who process data on behalf of controllers)

Enforcement and Penalties

Non-compliance can result in significant fines:

  • Up to €20 million or 4% of global annual revenue, whichever is higher
  • Supervisory authorities also have the power to issue warnings, suspend processing, and require corrective actions

Summary

Tip

GDPR is a global benchmark for data privacy. Even non-EU organizations adopt its principles to build trust, reduce risk, and support international operations.

  • Empowers individuals with control over their data
  • Imposes strict data handling obligations
  • Requires transparency, security, and accountability