The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union (EU) that went into effect on May 25, 2018. It controls how companies collect, process, and protect the personal data of EU citizens.
1. Authorization: Companies must acquire specific authorization from individuals before collecting their personal data.
2. Data minimization: Companies can only collect and process the minimum amount of personal data necessary to achieve their purpose.
3. Data protection by design and default: Companies must build data protection principles and safeguards into their procedures and systems by design and by default.
4. Data subject rights: Individuals have the rights of access, rectification, erasure, restriction of processing, objection to processing, and data portability.
5. Breach notification: Companies must notify the relevant authorities and affected individuals in the event of a data breach.
6. Data protection officer (DPO): Companies must appoint a DPO to oversee data protection compliance.
1. Operates in the EU
2. Offers goods or services to EU residents
3. Monitors the behavior of EU residents
Non-compliance with GDPR can result in significant fines of up to €20 million or 4% of the company's global annual turnover.