The General Data Protection Regulation (GDPR) is a regulation adopted by the European Union (EU) in 2018. The GDPR aims to unify data privacy laws across Europe, protect the privacy of EU citizens, and change the way organizations in the region approach data privacy.
An organization that does not comply with the GDPR requirements may receive a large fine of up to 20 million euros or 4% of the company’s global annual turnover, whichever is greater.
GDPR Principles
Legality, fairness and transparency. Personal data must be processed lawfully, fairly and transparently.
Goal limitation. Data should only be collected for specific, explicit and legitimate purposes.
Data minimization. Only the necessary data should be collected for a specific purpose.
Accuracy. Personal data must be accurate and kept up to date.
Storage restriction. The data should not be stored for longer than necessary.
Integrity and confidentiality. The data must be processed in such a way as to ensure appropriate security.
Accountability. The data controller is responsible for compliance with GDPR principles.
Rights under GDPR
The right to receive information. Individuals have the right to receive information about the collection and use of their personal data.
The right of access. An individual may request access to their personal data.
The right to correction. A person may have inaccurate personal data corrected.
The right to delete. This right allows people to delete their data under certain circumstances.
The right to restrict processing. A person may request that their data not be used for processing.
The right to data portability. Individuals can receive and reuse their personal data for their own purposes across various services.
The right to object. Under certain circumstances, a person may object to the processing of their personal data.