Term: "GDPR"
Definition
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, within the European Union (EU) and the European Economic Area (EEA). It was designed to give individuals more control over their personal data and to unify data protection regulations across all EU member states, thereby simplifying the regulatory environment for international business.
The GDPR applies to all organizations, regardless of location, that process or hold personal data of individuals residing in the EU and EEA. The regulation mandates strict guidelines on data consent, data anonymization, data breach notification, and the safe handling of data transfer across borders. It also grants individuals several rights, including the right to access their personal data, the right to be forgotten, the right to data portability, and the right to be informed about data breaches that may affect them.
Non-compliance with GDPR can result in significant penalties, including fines of up to 4% of annual global turnover or €20 million (whichever is greater). The GDPR's implementation marks a significant shift in the global approach to data privacy, influencing many countries outside the EU to reconsider and strengthen their own data protection laws.