GDPR - General Data Protection Regulation

The GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

It was adopted on April 27, 2016, and has been in effect since May 25, 2018.


This regulation applies to any organization operating within the EU, and to organizations outside the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It sets strict standards for how personal data must be handled and processed and gives EU citizens more control over their personal data.

Key provisions of the GDPR:

  • Harmonize data protection laws across the EU so that individuals have a consistent level of protection of their personal data wherever they are in the EU;
  • Give individuals greater control over their personal data by establishing new rights, such as the right to access, the right to erasure, and the right to data portability;
  • Strengthen the enforcement of data protection laws by introducing significant fines for organizations that breach the regulation;
  • Increase transparency by requiring organizations to be more open and transparent about how they use personal data.

The main aim of the GDPR is to protect the privacy of EU citizens and ensure that their data is handled responsibly and with respect for their rights.

Organizations that fail to comply with the GDPR can face significant fines, including amounts up to 4% of an organization's global annual revenue or up to €20 million (whichever is higher). The GDPR also gives individuals the right to take legal action against organizations that breach this regulation.

It's important to note that the GDPR is a complex regulation, and organizations should seek professional advice to ensure that they are fully compliant with it.