ELI5: What is GDPR?
GDPR is a European rule that says companies must ask before collecting your personal information, tell you what they do with it, and delete it if you ask. If they don’t, they can get fined a LOT of money.
Definition
The General Data Protection Regulation (GDPR) is a comprehensive EU privacy regulation that took effect in May 2018. It establishes strict requirements for how organizations collect, process, store, and transfer personal data of EU residents — regardless of where the organization is located. GDPR introduced key rights for data subjects (right to access, right to erasure, right to portability) and significant penalties for non-compliance.
Key Details
- Territorial scope: applies to any organization worldwide that processes personal data of EU/EEA residents
- Key rights: right of access, right to erasure (“right to be forgotten”), right to data portability, right to object to processing
- Lawful basis: processing must have a lawful basis (consent, contract, legal obligation, legitimate interest, etc.)
- Breach notification: 72 hours to notify the supervisory authority; affected individuals must also be notified when a breach poses a high risk to them
- Penalties: up to €20M or 4% of global annual turnover (whichever is higher) for the most serious violations
Connections
- Parent: regulations-and-frameworks — GDPR is the world’s most influential privacy regulation
- See also: pii-personally-identifiable-information
- See also: data-breach-notification