General Data Protection Regulation (GDPR)

Overview

The General Data Protection Regulation (GDPR) is a legal framework that governs the protection of personal data within the European Union (EU). It aims to give individuals control over their personal information while facilitating the free flow of personal data across the EU. GDPR applies to all entities processing personal data, regardless of location, if they offer goods or services to EU residents or monitor their behavior within the EU. It strengthens individual rights regarding data use and sets strict requirements for businesses processing personal data.

Regulation Summary

Timeline

Enacted: April 27, 2016
Implementation Period: Two years
Enforced from: May 25, 2018

What Businesses Are Affected

Businesses within the EU and non-EU companies targeting EU residents.
Applies regardless of business size or sector.

Exemptions

Household data use.
Data processed for law enforcement, public interest, or research purposes.

Responsibilities for Businesses

Appoint a Data Protection Officer (if required).
Implement data protection by design and by default.
Maintain processing records and perform Data Protection Impact Assessments (DPIAs).

Specific Responsibilities for Website Owners

Obtain informed consent for cookies.
Display clear privacy notices.
Enable users to withdraw consent easily.

Additional Requirements

Cross-border data transfers require adequate safeguards.
Mandatory reporting of data breaches within 72 hours.

Data Subject Rights

Access.
Rectification.
Erasure.
Restriction.
Data portability.
Objection.

Enforcement

Authority: Supervisory authorities in each EU country.
Fines: Up to €20 million or 4% of global turnover.
Regular audits and investigations.

Regulations

Solutions

Features

What makes Clym different? Schedule a Demo or watch an introduction to Clym.

Request a Demo→

Use Cases

Partners

Documentation

News