What is GDPR?

GDPR is the world's strongest privacy law. Enacted in 2018, it fundamentally changed how organizations handle personal data and gave individuals unprecedented control over their information.

Key Rights for Individuals

Right to Access

• Request a copy of all data a company holds about you
• Free of charge, within 30 days
• Must be in accessible format

Right to Rectification

• Correct inaccurate personal data
• Complete incomplete data

Right to Erasure ("Right to be Forgotten")

• Request deletion of your data
• Some exceptions (legal requirements, public interest)

Right to Data Portability

• Get your data in machine-readable format
• Transfer to another service

Right to Object

• Opt out of direct marketing
• Object to automated decision-making

Requirements for Organizations

Consent

• Must be freely given, specific, informed
• Can't be buried in terms of service
• Easy to withdraw as it is to give

Data Minimization

• Collect only what's necessary
• Don't keep data longer than needed

Security

• Appropriate technical measures
• Breach notification within 72 hours

Accountability

• Document compliance
• Appoint Data Protection Officer (if required)
• Conduct impact assessments

Global Impact

GDPR applies to:

• Any organization offering goods/services to EU residents
• Any organization monitoring EU residents' behavior
• Not just EU companies—global reach

Enforcement

Penalties can reach:

• €20 million, or
• 4% of global annual turnover
• Whichever is higher

Major fines have been issued to Amazon (€746M), WhatsApp (€225M), Google (€90M), and many others.