← Back to Glossary

GDPR (General Data Protection Regulation)

The EU's comprehensive data privacy regulation that governs how organizations collect, process, and store personal data of EU residents.

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It was adopted on April 14, 2016, and became enforceable on May 25, 2018. The GDPR aims to give individuals control over their personal data and to simplify the regulatory environment for international business. It applies to any organization that processes personal data of EU residents, regardless of where the organization is based. Non-compliance can result in fines up to €20 million or 4% of annual global turnover. The GDPR establishes seven key principles: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

Related Terms

DPA (Data Processing Agreement)DPIA (Data Protection Impact Assessment)DPO (Data Protection Officer)DSR (Data Subject Request)ConsentData ControllerData Processor

Related Guides

Complete GDPR Compliance Guide (2026)

The complete guide to GDPR compliance in 2026. Learn about lawful bases, data subject rights, DPIAs, breach notification, and how to build a compliance program.

Ready to Simplify Your Compliance?

Start automating your privacy compliance today. No credit card required.

Start Free