Introduction to GDPR
This module provides an overview of the General Data Protection Regulation (GDPR) and its importance in protecting personal data and privacy.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that was introduced by the European Union (EU) to safeguard the personal data and privacy of individuals.
Why GDPR was introduced:
- To provide individuals with greater control over their personal data
- To harmonize data protection laws across EU member states
- To address the challenges posed by the digital economy and globalization
Key Terms
Understanding the following terms is essential for GDPR compliance:
- Personal Data: Any information relating to an identified or identifiable individual (e.g., name, email, IP address)
- Data Controller: The entity that determines the purposes and means of processing personal data
- Data Processor: The entity that processes personal data on behalf of the data controller
- Data Subject: The individual whose personal data is being processed
Importance of GDPR Compliance
GDPR compliance is crucial for both organizations and individuals:
- For Organizations: Non-compliance can result in hefty fines (up to 4% of global annual turnover or €20 million, whichever is higher)
- For Individuals: GDPR empowers individuals with rights such as access to their data, rectification, erasure, and data portability