JUS. Legal Tech Hub
Type:comprehensive
Scope:international
Effective:May 25, 2018
Authority:Federal Commissioner for Data Protection (BfDI)
Summary
The General Data Protection Regulation (GDPR) is the primary data protection law in the EU/EEA, establishing rules for processing personal data and granting individuals rights over their data.
Full Text
# General Data Protection Regulation (GDPR) The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. ## Key Principles 1. **Lawfulness, fairness and transparency** - Personal data shall be processed lawfully, fairly and in a transparent manner 2. **Purpose limitation** - Personal data shall be collected for specified, explicit and legitimate purposes 3. **Data minimisation** - Personal data shall be adequate, relevant and limited to what is necessary 4. **Accuracy** - Personal data shall be accurate and, where necessary, kept up to date 5. **Storage limitation** - Personal data shall be kept for no longer than is necessary 6. **Integrity and confidentiality** - Personal data shall be processed in a manner that ensures appropriate security ## Data Subject Rights - Right to be informed - Right of access - Right to rectification - Right to erasure - Right to restrict processing - Right to data portability - Right to object - Rights related to automated decision making ## Enforcement Supervisory authorities can impose fines up to €20 million or 4% of annual global turnover.