General Data Protection Regulation (GDPR)

What is GDPR?

GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679), a comprehensive data privacy regulation that has applied across the European Union (EU) since May 25, 2018. GDPR is designed to protect the personal data of individuals in the EU and to give them more control over how their data is collected, processed, and stored by organizations. It applies not only to businesses and organizations established in the EU but also to those outside the EU that offer goods or services to people in the EU or monitor their behaviour, regardless of those people's citizenship.

Key principles and provisions of the General Data Protection Regulation include:

  1. Lawful Basis and Consent: Every processing activity needs one of the six lawful bases set out in Article 6 (for example consent, performance of a contract, a legal obligation, or legitimate interests). Where consent is the basis, it must be freely given, specific, informed, and unambiguous, and as easy to withdraw as it was to give; explicit consent is required for special categories of data such as health or biometric data.
  2. Data Subject Rights: GDPR grants individuals several rights, including the right to access their data, have it rectified, request its erasure, restrict or object to its processing, and not be subject to decisions based solely on automated processing that have legal or similarly significant effects.
  3. Data Portability: Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format, allowing them to transfer it to other service providers.
  4. Data Protection Officers (DPOs): Public authorities, and organizations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data, must appoint a Data Protection Officer responsible for advising on and monitoring compliance with GDPR.
  5. Data Breach Notification: Organizations must notify the supervisory authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Affected individuals must be informed without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
  6. Data Protection by Design and by Default: Safeguards such as data minimization and pseudonymization must be built into systems and processes from the outset (by design), and the most privacy-protective settings must apply without user intervention, so that only the personal data necessary for each specific purpose is processed (by default).
  7. Accountability: Organizations are accountable for their data processing activities and must be able to demonstrate compliance with General Data Protection Regulation through documentation and records.
  8. Penalties: GDPR imposes significant fines for non-compliance in two tiers: up to €10 million or 2% of an organization's total worldwide annual turnover for the preceding financial year, whichever is higher, for infringements such as failing to implement data protection by design or to notify breaches; and up to €20 million or 4% for the most serious infringements, including violations of the basic processing principles, data subject rights, and the transfer rules.
  9. Cross-Border Data Transfers: GDPR restricts transfers of personal data outside the EU and EEA to countries that the European Commission has not recognized as providing an adequate level of protection, unless appropriate safeguards such as Standard Contractual Clauses or Binding Corporate Rules are in place, or a specific derogation applies.
  10. Data Protection Impact Assessments (DPIAs): Organizations must conduct a DPIA before starting processing that is likely to result in a high risk to individuals, such as large-scale profiling or systematic monitoring, to assess and mitigate privacy risks; if the residual risk remains high, the supervisory authority must be consulted before processing begins.

GDPR has had a profound impact on how organizations worldwide handle personal data, as it requires them to implement stricter data protection measures, be more transparent about their data practices, and take data privacy seriously. It was enacted to empower individuals and strengthen their privacy rights in an increasingly digital and data-driven world.


