GDPR (General Data Protection Regulation)

In a nutshell, the GDPR is a European Union regulation that outlines how companies, governments and other data processors must manage people’s data. It probably applies to you if you do business in the EU, or if you collect or store information about European citizens.

The GDPR grants individuals (whom it calls data subjects) the right to learn whether their data is being collected, to see a record of that data, and to correct any inaccuracies in it. The process by which someone requests this information is called a Data Subject Request, and businesses covered by the GDPR need a system in place to handle these requests quickly.

There are a couple of other important powers the GDPR bestows. It lets individuals have their data erased (Right to Erasure), or forbid a controller from processing it (Right to be Forgotten). It also requires controllers to obtain explicit consent from individuals before they begin capturing their data. The last major pillar of the GDPR concerns organizational practices: it sets out rules for how data is to be collected and stored, and it contains rules for responding to a data breach. Violations of the GDPR are serious business, and EU regulators are permitted to impose a fine of up to 4% of global revenue on rule-breaking Data Processors. That’s a lot! For a more detailed explainer of the GDPR and its implications for business, check out this lucid Wall Street Journal explainer.