What is GDPR?
This is the General Data Protection Regulation enacted into law in the EU and the UK (UK GDPR) also known as the Data Protection Act 2018.
GDPR (General Data Protection Regulation) is a European Union (EU) law that protects the privacy and personal data of individuals. It was enacted on May 25, 2018, and applies to any organization that processes the personal data of EU citizens, regardless of location.
Key Principles of GDPR:
- Lawfulness, Fairness, and Transparency – Data must be collected and used in a fair, legal, and transparent manner.
- Purpose Limitation – Data can only be used for the specific purpose it was collected for.
- Data Minimization – Only the necessary amount of data should be collected.
- Accuracy – Personal data must be kept accurate and up to date.
- Storage Limitation – Data cannot be kept longer than necessary.
- Integrity and Confidentiality – Data must be protected against breaches, loss, or unauthorized access.
- Accountability – Organizations must take responsibility for GDPR compliance and be able to demonstrate it.
What Counts as "Personal Data" Under GDPR?
Any information that can identify an individual, such as:
✅ Names & email addresses
✅ Phone numbers
✅ IP addresses
✅ Financial details
✅ Health records
✅ Biometric data
Key GDPR Rights for Individuals:
- Right to Access – Individuals can request their personal data.
- Right to Rectification – They can correct inaccurate data.
- Right to Erasure ("Right to Be Forgotten") – They can request data deletion.
- Right to Data Portability – They can transfer data between services.
- Right to Object – They can refuse certain data processing.
- Right to Restriction – They can limit how their data is used.
Who Must Comply with GDPR?
✅ EU-based companies
✅ Non-EU companies that process EU citizens’ data (e.g., U.S. businesses handling EU customers)
GDPR Non-Compliance Penalties:
💰 Fines of up to €20 million (£20 million in the UK) or 4% of global annual revenue (whichever is higher).