GDPR
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a European Union law governing how organisations collect, process, and store the personal data of individuals in the EU and EEA. It grants people rights over their data and requires organisations to have a lawful basis for each processing activity, to protect personal data with appropriate technical and organisational measures, and to notify the supervisory authority of personal data breaches (within 72 hours of becoming aware of them, where feasible) and, in high-risk cases, the affected individuals. Non-compliance carries heavy penalties.
GDPR is built on principles such as lawfulness, fairness and transparency, data minimisation, purpose limitation, storage limitation, integrity and confidentiality, and accountability. It gives individuals rights including access, rectification, erasure, restriction of processing, and portability of their personal data, and under the accountability principle it requires organisations not only to comply but to be able to demonstrate that they comply.
Crucially, GDPR applies to any organisation worldwide that offers goods or services to, or monitors the behaviour of, people in the EU, not just EU-based companies. Administrative fines are tiered: the most serious infringements can reach €20 million or 4% of worldwide annual turnover, whichever is higher, and a lower tier of €10 million or 2% applies to other infringements such as failures in security, breach notification, or record-keeping obligations.
