General Data Protection Regulation (GDPR)

Definition: The General Data Protection Regulation (GDPR) imposes obligations on organizations anywhere, so long as they target or collect data related to people in the EU. It will levy harsh fines against those who violate its privacy and security standards. The GDPR entered into force in 2016 after passing the European Parliament, and as of May 25, 2018, all organizations were required to be compliant.

The GDPR defines an array of legal terms at length, including: personal data, data processing, data subject, data controller, and data processor.

The key regulatory points of the GDPR are: data protection principles, accountability, data security, data protection by design and by default, when you're allowed to process data, consent, data protection officers, and people's privacy rights.

Rights of the data subject include: transparency and modalities, information and access to personal data, rectification and erasure, right to object and automated individual decision-making, and restrictions.

Related terms: data privacy, data security, rights, protection, access

Found in: GDPR.EU (2022). "Complete guide to GDPR compliance". https://gdpr.eu/

References: European Parliament, Council of the European Union (2016). "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)". Official Journal of the European Union L119:1-88. CELEX number: 32016R0679. https://eur-lex.europa.eu/search.html?scope=EURLEX&text=gdpr&lang=en&type=quick&qid=1654617951994
