GDPR stands for General Data Protection Regulation. It is a comprehensive data protection law that governs the handling of personal data of individuals within the European Union (EU) and the European Economic Area (EEA). GDPR was implemented on May 25, 2018, and it replaced the outdated Data Protection Directive 95/46/EC.
Strengthen Data Protection
GDPR aims to enhance the protection of individuals' personal data by regulating how it is collected, processed, stored, and transferred by organisations.
Empower Individuals
GDPR grants individuals greater control over their personal data. It provides them with various rights, such as the right to access their data, the right to rectify inaccuracies, the right to erasure ("right to be forgotten"), the right to restrict processing, the right to data portability, and the right to object to certain types of processing.
Increase Accountability and Compliance
GDPR imposes strict requirements on organisations that handle personal data. It emphasises accountability and transparency, requiring organisations to implement appropriate technical and organisational measures to ensure compliance with the regulation.
Harmonise Data Protection Laws
GDPR is designed to harmonise data protection laws across the EU and EEA member states, providing a consistent framework for data protection and simplifying the regulatory environment for businesses operating within the region.
Key principles of GDPR include:
- Lawfulness, fairness, and transparency in data processing.
- Purpose limitation: Personal data should be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation: Only collect and process personal data that is necessary for the intended purpose.
- Accuracy: Personal data should be accurate and, where necessary, kept up to date.
- Storage limitation: Personal data should be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
- Integrity and confidentiality: Personal data should be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
Non-compliance with GDPR can result in significant fines and penalties, making it imperative for organisations that handle personal data to ensure compliance with the regulation.