General data protection regulation (GDPR)

Page written by AI. Reviewed internally on January 30, 2024.

Definition

The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) is a comprehensive data protection and privacy regulation adopted by the European Union (EU) in 2016 and applicable since 25 May 2018.

What is GDPR?

It is designed to safeguard the privacy and personal data of individuals in the EU (not only EU citizens) by regulating how organisations collect, process, store, and share this information. The GDPR applies to any organisation, regardless of its location, that processes the personal data of individuals in the EU: organisations established in the EU, and organisations outside the EU that offer goods or services to people in the EU or monitor their behaviour.

The primary objective of the GDPR is to give individuals greater control over their personal data and to harmonise data protection laws across the EU member states. It aims to create a consistent framework for data protection while also addressing the challenges posed by the digital age.

Key principles of the GDPR (Article 5):

  1. Lawfulness, fairness, and transparency: Personal data must be processed lawfully, fairly, and transparently. Individuals must be informed about how their data is being used.
  2. Purpose limitation: Data should only be collected for specific, explicit, and legitimate purposes, and not further processed in a way incompatible with those purposes.
  3. Data minimisation: Only the minimum amount of personal data necessary for a specific purpose should be collected.
  4. Accuracy: Data should be accurate, and steps should be taken to ensure it remains up-to-date.
  5. Storage limitation: Data should be kept in identifiable form only for as long as necessary for the purposes for which it was collected.
  6. Integrity and confidentiality: Data should be processed securely, using appropriate technical and organisational measures, to prevent unauthorised access, unlawful processing, and accidental loss, destruction or damage.
  7. Accountability: The organisation acting as controller is responsible for compliance with the principles above and must be able to demonstrate it, for example through documented policies, records and risk assessments.

The GDPR grants individuals (data subjects) several rights regarding their personal data, including the rights of access, rectification, erasure (the "right to be forgotten"), restriction of processing, data portability, and objection, as well as rights relating to automated decision-making. Organisations must respond to such requests without undue delay and normally within one month.

The GDPR has influenced data protection laws and policies worldwide, as many countries and regions have introduced or updated their own data protection regulations to align with the GDPR’s principles.

Example of GDPR

Company ABC is an e-commerce business based in the EU, selling products online. To comply with GDPR, they take the following measures:

  1. Lawful basis and consent: For each processing purpose, the company identifies a lawful basis under Article 6. Processing needed to fulfil an order rests on contract necessity; marketing emails rest on consent, which must be freely given, specific, informed and unambiguous (no pre-ticked boxes), and as easy to withdraw as it was to give.
  2. Data minimisation: The company only collects the personal data necessary for each specific purpose. Unnecessary data is not collected, and data is deleted once its retention period expires.
  3. Data subject rights: The company respects the rights of data subjects as outlined in GDPR. Users can access, rectify, or erase their personal data, and the company verifies the requester's identity before disclosing or deleting anything, responding within one month.
  4. Data processing records: Company ABC maintains records of its processing activities as required by Article 30. These records detail the purposes of processing, the categories of data and data subjects, any recipients and international transfers, retention periods, and a general description of the security measures in place.
  5. Data breach notification: In the event of a personal data breach, Company ABC notifies the relevant supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to pose a risk to individuals, and informs affected data subjects without undue delay when the breach is likely to result in a high risk to them. All breaches are logged internally, including those not reported.

By adhering to these GDPR compliance measures, Company ABC aims to protect user privacy, build trust, and avoid the fines and legal consequences of non-compliance, which can reach €20 million or 4% of worldwide annual turnover, whichever is higher.
