GDPR

General Data Protection Regulation

GDPR
The General Data Protection Regulation(GDPR) is a comprehensive data protection law enacted by the European Union to enhance individuals’ control over their personal data to harmonise data protection rules across EU member states.

GDPR was introduced in response to rapid technological developments and the increasing scale of personal data processing in the digital economy.

GDPR emphasises the protection of individuals’ fundamental rights and freedoms, particularly the right to data protection. The regulation stengthens data subject rights by granting individuals greater control over how their personal data is collected and used. GDPR aims to harmonise data protection laws across the EU, creating a consistent regulatory framework.

Personal data under GDPR includes any information that can directly or indirectly identify an individual. The data subject refers to an identifiable individual whose personal data is being processed. GDPR clearly distinguishes between data controllers and data processors, assigning different responsibilities to each.

Under GDPR, personal data must be processed lawfully, fairly, and transparently, and must be based on a valid lawful basis such as consent or contractual necessity. GDPR significantly enhances individual rights, including the right of access, rectification, erasure, restriction of processing, data portability, and the right to object.

The substantial administrative fines under GDPR serve as a strong deterrent against non-compliance.

In conclusion, GDPR represents a significant advancement in data protection law by reinforcing individual rights, enhancing transparency, and establishing a unified regulatory framework across the European Union. However, its practical implementation continues to present challenges for organisations worldwide.