GDPR
Genel Veri Koruma Tüzüğü
The General Data Protection Regulation is a comprehensive data protection law that governs the collection, processing, and storage of personal data of individuals in the European Union. It establishes strict requirements for data controllers and processors, and grants significant rights to data subjects. GDPR has become the global benchmark for data protection legislation.
Scope
- Applies to organizations processing personal data of EU residents
- Extraterritorial scope - applies regardless of where processing occurs
- Covers automated processing and manual filing systems
- Applies to data controllers and data processors
- Covers all sectors including public authorities
Data Subject Rights
- Right to access personal data (Article 15)
- Right to rectification (Article 16)
- Right to erasure - right to be forgotten (Article 17)
- Right to restriction of processing (Article 18)
- Right to data portability (Article 20)
- Right to object to processing (Article 21)
- Right not to be subject to automated decision-making (Article 22)
- Right to lodge a complaint with supervisory authority
Key Obligations
- Lawful basis for processing (Article 6)
- Data Protection Impact Assessments for high-risk processing
- Data breach notification within 72 hours
- Appointment of Data Protection Officer (DPO) when required
- Records of processing activities (Article 30)
- Privacy by design and by default
- Contract requirements for processors
- Transparent privacy notices
Penalties
GDPR imposes significant fines for non-compliance, with two tiers of penalties based on the nature of the violation.
Cross-Border Transfers
Personal data can only be transferred outside the EU/EEA to countries with adequate protection (adequacy decisions), or with appropriate safeguards such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or approved codes of conduct and certifications.
Simplify GDPR Compliance
Automate compliance workflows, manage data subject requests, and demonstrate compliance with JUS.