The General Data Protection Regulation (GDPR) is the data protection law of the European Union. It is designed to allow individuals to have more control over their personal data and imposes new obligations on organizations collecting, managing, or analyzing such data, including organizations outside of the European Union.
Individuals have the following rights
- Access and export their rights
- Deleting their personal data
- Correct errors in their personal data
- Oppose the processing of their personal data
- Audits and disclosures
Companies and organizations must
- Protect your personal data by taking appropriate security measures
- Disclose violations of personal data to the authorities
- Receive consent to the collection and processing of personal data
- Keep records that provide detailed information about data processing activities.
Companies and organizations must implement policies that
- Provide clear disclosure for data collection
- Describe why and when personal data is processed
- Define data retention and deleted policies
For more information, visit the eugdpr.org page. eugdpr.org.