Home/Glossary/GDPR

GDPR

The General Data Protection Regulation is the EU's comprehensive data privacy law that governs how organizations collect, process, and protect personal data.

Risk & ComplianceAlso called: "General Data Protection Regulation", "EU data privacy law"

GDPR sets the global standard for data privacy, requiring organizations worldwide to protect EU residents' personal data regardless of where processing occurs.

Why it matters

  • Non-compliance risks fines up to €20M or 4% of global annual revenue.
  • Applies to any organization processing EU residents' data, regardless of location.
  • Data breaches must be reported within 72 hours to authorities.
  • Customers can request data deletion, portability, and access to their information.
  • Privacy violations damage brand reputation and customer trust.

Key requirements

  • Lawful basis: Explicit consent or legitimate interest for data processing.
  • Data minimization: Collect only what's necessary for stated purposes.
  • Privacy by design: Build privacy protections into systems from the start.
  • Data protection officer: Required for large-scale processing operations.
  • Breach notification: 72-hour reporting requirement to supervisory authorities.
  • Subject rights: Access, rectification, erasure, portability, and objection.
  • International transfers: Adequate safeguards for data leaving the EU.

Implementation checklist

  • Conduct data mapping and inventory.
  • Update privacy policies and consent mechanisms.
  • Implement data subject rights procedures.
  • Establish breach notification workflows.
  • Document processing activities and legal basis.
  • Review vendor contracts for data processing agreements.

Related Tools

Related Articles

View all articles
SOC Alert Triage & Investigation Workflow | Complete Guide

SOC Alert Triage & Investigation Workflow | Complete Guide

Master the complete SOC alert triage lifecycle with this practical guide covering SIEM alert handling, context enrichment, threat intelligence correlation, MITRE ATT&CK mapping, and incident escalation. Learn industry frameworks from NIST, SANS, and real-world best practices to reduce MTTC by 90% and eliminate alert fatigue.

Read article →
Penetration Testing Methodology Workflow | Complete Pentest

Penetration Testing Methodology Workflow | Complete Pentest

Master the complete penetration testing lifecycle from pre-engagement to remediation validation. Learn PTES framework, ethical hacking methodology, vulnerability exploitation, and post-exploitation techniques with practical tools and industry best practices.

Read article →
Data Breach Response & Notification Workflow | GDPR & HIPAA

Data Breach Response & Notification Workflow | GDPR & HIPAA

Master the complete data breach response workflow from detection to recovery. This comprehensive guide covers GDPR 72-hour notification, HIPAA breach reporting, forensic investigation, regulatory compliance, and customer notification strategies with practical tools and legal frameworks.

Read article →
Cloud Migration & Validation Workflow | Complete Migration

Cloud Migration & Validation Workflow | Complete Migration

Execute flawless cloud migrations using proven 7R strategies, AWS Well-Architected Framework, and comprehensive validation at every stage—from discovery to production optimization.

Read article →

Explore More Risk & Compliance

View all terms

Compliance Penalty

Financial fines and sanctions imposed for failing to meet regulatory data protection and security requirements.

Read more →

HIPAA

The Health Insurance Portability and Accountability Act establishes standards for protecting sensitive patient health information in the United States.

Read more →

SOC 2

Service Organization Control 2 is an auditing standard for service providers that store customer data, focusing on security, availability, processing integrity, confidentiality, and privacy.

Read more →
Back to glossary