General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European Union regulation established to protect the personal data of individuals and to ensure their privacy.

The key rules of the GDPR include:

• Consent: Organizations must obtain clear and explicit consent from individuals before collecting and processing their personal data. Consent must be freely given, specific, informed, and unambiguous.

• Right of Access: Individuals have the right to request access to their personal data held by an organization. The organization must provide a copy of this data and inform the individual about how their data is being used.

• Right to Rectification: Individuals have the right to request the correction of their personal data if it is inaccurate or incomplete.

• Right to Erasure: Individuals have the right to request the deletion of their personal data ("right to be forgotten") when the data is no longer necessary for the purposes for which it was collected or when the individual withdraws their consent.

• Right to Restrict Processing: Individuals have the right to request the restriction of the processing of their personal data in certain circumstances, such as when they contest the accuracy of the data or16 when the processing is unlawful.

• Right to Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another organization without hindrance.

• Right to Object: Individuals have the right to object to the processing of their personal data for reasons related to their particular situation. Organizations must stop processing the data unless they can demonstrate that there are compelling legitimate grounds for the processing.

• Data Breach Notification: Organizations must notify the competent authorities and individuals in the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals.