The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It became effective on May 25, 2018, and replaces the 1995 Data Protection Directive.
The GDPR sets out strict rules for how personal data must be collected, processed, and stored by organizations. It gives individuals more control over their personal data and how it's used, and also imposes significant fines on organizations that fail to comply. Key provisions of the GDPR include:
The right to access personal data: Individuals have the right to request access to the personal data an organization holds about them, as well as information about how that data is being used.
The right to rectification: If personal data is inaccurate or incomplete, individuals have the right to have it corrected.
The right to erasure: Also known as the "right to be forgotten," this gives individuals the right to have their personal data deleted in certain circumstances.
The right to restrict processing: Individuals have the right to limit the ways in which their personal data is processed.
The right to data portability: This gives individuals the right to receive their personal data in a machine-readable format, and to request that it be transferred to another organization.
Overall, the GDPR aims to protect the privacy and personal data of individuals within the EU, and to give them more control over how their data is used by organizations.