The General Data Protection Regulation (GDPR) is a European regulation that applies to any data controller handling the data of at least one European citizen.
In a few words, the GDPR makes the following changes:
- More rights for European citizens (right to be forgotten, right to data portability, etc.).
- More data security (risk analysis, data protection from the design stage, mandatory notification in the event of a security incident).
- More controls on data processing (consent of users, supervision of transfers to subcontractors or to countries outside the European Economic Area).
- More sanctions on companies that do not comply with the regulation (up to a maximum of €20 million or 4% of worldwide turnover).
- A worldwide scope: any entity processing European citizens' data must comply with the regulation.