GDPR (General Data Protection Regulation)
Definition
GDPR is a European Union regulation that governs the collection, processing, and storage of personal data of EU citizens, imposing strict requirements on organizations worldwide.
Explanation
Effective May 2018, GDPR gives individuals greater control over their personal data. Key requirements include obtaining explicit consent for data processing, providing data breach notifications, appointing a Data Protection Officer (DPO), and honoring data subject rights such as the rights of access, rectification, and erasure.
Non-compliance can result in fines of up to 4% of annual global revenue or 20 million euros, whichever is higher. GDPR applies to any organization that processes the personal data of EU residents, regardless of where the organization is based.
Example
A US-based financial software company serving EU customers must implement GDPR-compliant data protection measures, including data encryption, consent management, and the ability to delete user data upon request.