The General Data Protection Regulation (GDPR) is a regulation of the European Union. The GDPR is a standardization of data protection in Europe. It regulates how data and especially personal data may be collected and/or processed by companies, associations, public authorities and private individuals. On the one hand, this is intended to give citizens better control over their data and, on the other hand, to ensure the free movement of data within the European Single Market.
Art. 5 of the GDPR sets out the various basic principles for data processing. These regulate how the storage and processing of data can take place in accordance with the law.
The objective of the GDPR is to protect the fundamental rights and freedoms of a natural person and in particular their right to protection of personal data. Everyone should be able to make informed decisions about what happens to their data.
Failure to comply with the data protection principles can have unpleasant consequences. Violations of the personal data processing principles may result in a fine of up to €20,000,000 or, in the case of a company, up to 4% of its total annual worldwide turnover in the previous financial year, as well as action by the supervisory authority (Article 83(5)(a) GDPR).
Image credits: Header- & Featured image by Wilfried Pohnke on Pixabay