Overview

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere, so long as they target or collect data related to people in the EU.

Key Principles

  • Lawfulness, Fairness, and Transparency: Data processing must be legal and clear to the user.
  • Purpose Limitation: Data should only be collected for specific, stated purposes.
  • Data Minimization: Only collect the data that is strictly necessary.
  • Accuracy: Keep personal data up to date.
  • Storage Limitation: Don't keep data longer than needed.
  • Integrity and Confidentiality: Ensure data is kept secure.

Rights of Individuals

Individuals' rights include the right to be forgotten, the right of access, and the right to data portability.
