The General Data Protection Regulation (GDPR) is a European Union law that governs how organizations within and outside the EU handle the personal data of EU residents. It aims to give individuals greater control over their personal data and protects their rights while processing data. The GDPR applies to organizations that offer goods or services to individuals in the EU, or that process the data of EU residents, regardless of their location.
Personal data must be processed lawfully, fairly, and transparently
Data must be collected for specified, explicit, and legitimate purposes
Data collected must be adequate, relevant, and limited to what is necessary
Personal data must be accurate and kept up to date
Data must not be kept longer than necessary for the purposes
Data must be processed securely with appropriate technical measures
Individuals must be informed about data processing
Individuals can request access to their personal data
Individuals can request correction of inaccurate data
Individuals can request deletion of their data
Individuals can limit how their data is processed
Individuals can transfer their data to another service
Individuals can object to certain types of processing
Protection against automated profiling