GDPR (General Data Protection Regulation)

A comprehensive data protection law enacted by the European Union in 2018 that governs how personal data must be collected, processed, stored, and protected. GDPR applies to any organisation that processes data of EU residents, regardless of where the organisation is located. The regulation grants individuals extensive rights over their data including access, correction, deletion, and portability. Non-compliance can result in severe penalties, up to €20 million or 4% of global annual revenue, whichever is higher. Key requirements include obtaining explicit consent, providing clear privacy policies, implementing data protection measures, reporting breaches within 72 hours, and appointing data protection officers for certain organisations.

Why it matters

GDPR compliance is non-negotiable for businesses serving European customers. Even small violations can trigger devastating fines. Understanding basic requirements (privacy policies, consent mechanisms, data handling) protects your business and builds customer trust.

← All 168 terms