General Data Protection Regulation (GDPR)
If an organization fails to comply with the GDPR, it can receive a hefty fine of up to €20 million or 4% of the company’s global annual turnover, whichever is greater.
Principles of GDPR
Lawfulness, fairness and transparency. Personal data must be processed lawfully, fairly and transparently.
Purpose limitation. Data should only be collected for specific, explicit and legitimate purposes.
Data minimization. Only the data necessary for a specific purpose should be collected.
Accuracy. Personal data should be accurate and kept up to date.
Storage limitation. Data should not be retained longer than necessary.
Integrity and confidentiality. Data should be handled in a way that ensures appropriate security.
Accountability. The data controller is responsible for complying with the GDPR principles and for being able to demonstrate that compliance.
Rights under the GDPR
Right to be informed. Natural persons have the right to be informed about the collection and use of their personal data.
Right of access. Natural persons may request access to their personal data.
Right to rectification. A person may obtain the correction of inaccurate personal data.
Right to erasure. A person may have their data deleted under certain circumstances.
Right to restrict processing. A person may request that their data not be used for processing.
Right to data portability. A person may receive their personal data and reuse it for their own purposes across different services.
Right to object. In certain circumstances, an individual may object to the processing of their personal data.