The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) on May 25, 2018. It is designed to enhance individuals’ control and rights over their personal data and to unify data protection regulations across Europe. Here are some key points about GDPR:

### Key Principles of GDPR

1. **Lawfulness, Fairness, and Transparency**: Personal data must be processed lawfully, fairly, and in a transparent manner concerning the data subject.

2. **Purpose Limitation**: Data should be collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes.

3. **Data Minimization**: The amount of personal data collected should be limited to what is necessary for the purposes of processing.

4. **Accuracy**: Data must be accurate and, where necessary, kept up to date.

5. **Storage Limitation**: Personal data should be retained only as long as necessary for the purposes for which it was processed.

6. **Integrity and Confidentiality**: Data should be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

7. **Accountability**: Organizations must be able to demonstrate compliance with the GDPR principles.

### Rights of Individuals

GDPR provides several rights to individuals (data subjects), including:

– **Right to Access**: Individuals have the right to obtain confirmation as to whether or not their personal data is being processed and access to that data.

– **Right to Rectification**: Individuals can request correction of inaccurate personal data.

– **Right to Erasure**: Also known as the “right to be forgotten,” individuals can request the deletion of their personal data under certain circumstances.

– **Right to Restriction of Processing**: Individuals can request limitation of processing under certain conditions.

– **Right to Data Portability**: Individuals can request to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.

– **Right to Object**: Individuals can object to the processing of their personal data under certain conditions.

– **Rights related to automated decision-making and profiling**: Individuals have rights concerning automated processing that produces legal effects or significantly affects them.

### Applicability

GDPR applies to:

– Organizations located within the EU.
– Organizations located outside the EU that offer goods or services to, or monitor the behavior of, individuals in the EU.

### Penalties for Non-compliance

Organizations can face significant fines for non-compliance with GDPR, which can reach up to €20 million or 4% of annual global turnover, whichever is higher.

### Conclusion

The GDPR represents a significant shift towards stronger data protection for individuals, emphasizing accountability and transparency from organizations handling personal data. Understanding and complying with GDPR is crucial for any organization operating in or dealing with data subjects in the EU.
