General Data Protection Regulation

From WikiMD's Food, Medicine & Wellness Encyclopedia


The General Data Protection Regulation (GDPR) is a regulation in European Union law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It was adopted on 14 April 2016, and after a two-year transition period, became enforceable on 25 May 2018.

Overview

The GDPR is a comprehensive data protection law that replaced the 1995 Data Protection Directive. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Key principles of the GDPR include lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality (security); and accountability.

Rights of the Data Subject

Under the GDPR, individuals have several important rights, including:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (also known as the "right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Data Controllers and Processors

The GDPR distinguishes between data controllers, who determine the purposes and means of processing personal data, and data processors, who process data on behalf of the controller. Both controllers and processors have specific legal obligations under the GDPR.

Data Protection Officer

Organizations that process large amounts of personal data or engage in certain types of data processing activities are required to appoint a Data Protection Officer (DPO). The DPO's responsibilities include advising the organization about compliance with GDPR requirements and acting as a contact point for data subjects and the supervisory authority.

Penalties

Non-compliance with the GDPR can result in significant fines. The maximum fine can be up to €20 million or 4% of the company's global annual turnover of the previous financial year, whichever is higher.

Impact

The GDPR has had a significant impact on businesses and organizations worldwide, requiring many to change their practices and policies to ensure compliance. It has also influenced the development of data protection laws in other jurisdictions, making it a landmark regulation in the field of data privacy.



Contributors: Prab R. Tumpati, MD