GDPR

EU

General Data Protection Regulation

Data Protection

Effective: 25 May 2018

Your Compliance Status

80%
4 of 5 requirements met

Overview

The EU General Data Protection Regulation (GDPR) is the most comprehensive data protection law globally, governing how organizations collect, store, and process personal data of EU residents.

Key Points

  1. Applies to any organization processing EU residents' personal data
  2. Requires explicit consent or another lawful basis for data processing
  3. Mandates Data Protection Officers for certain organizations
  4. Grants data subjects rights including access, rectification, and erasure
  5. Requires 72-hour breach notification to supervisory authorities
  6. Restricts international data transfers outside the EU/EEA

Requirements Checklist

  • Data Processing Agreement (Compliant): Establish DPAs with all data processors
  • Privacy Policy (Compliant): Maintain transparent privacy policy
  • Data Subject Rights Portal (Compliant): Enable data access and deletion requests
  • Breach Notification Procedure (Partially Compliant): 72-hour notification mechanism
  • Data Protection Impact Assessment (Compliant): DPIA for high-risk processing

Penalties for Non-Compliance

Up to €20 million or 4% of annual global turnover, whichever is higher

Related Documents

  • Data Processing Agreement Template (540 KB)
  • Privacy Policy v3.2 (128 KB)
  • Technical and Organizational Measures (TOMs) (420 KB)