GDPR
E84602
The GDPR (General Data Protection Regulation) is a comprehensive European Union data protection law that governs how organizations collect, process, and store personal data of individuals in the EU.
Aliases (3)
Statements (67)
| Predicate | Object |
|---|---|
| instanceOf |
European Union regulation
→
data protection law → |
| adoptedBy |
Council of the European Union
→
European Parliament → |
| adoptionDate |
2016-04-27
→
|
| allows |
administrative fines up to 20 million EUR or 4% of global annual turnover
→
|
| appliesTo |
controllers of personal data
→
organizations monitoring behavior of individuals in the EU → organizations offering goods or services to individuals in the EU → processors of personal data → |
| containsChapter |
Chapter I: General provisions
→
Chapter II: Principles → Chapter III: Rights of the data subject → Chapter IV: Controller and processor → Chapter IX: Provisions relating to specific processing situations → Chapter V: Transfers of personal data to third countries or international organisations → Chapter VI: Independent supervisory authorities → Chapter VII: Cooperation and consistency → Chapter VIII: Remedies, liability and penalties → Chapter X: Delegated acts and implementing acts → Chapter XI: Final provisions → |
| definesTerm |
consent
→
data controller → data processor → data subject → personal data → profiling → pseudonymisation → |
| effectiveDate |
2018-05-25
→
|
| enforcedBy |
European Data Protection Board
→
national data protection authorities → |
| establishesPrinciple |
accountability
→
accuracy → data minimisation → integrity and confidentiality → lawfulness, fairness and transparency → purpose limitation → storage limitation → |
| fullName |
General Data Protection Regulation
→
|
| grantsRight |
right of access
→
right to data portability → right to erasure → right to object → right to rectification → right to restriction of processing → rights related to automated decision-making and profiling → |
| hasArticlesCount |
99
→
|
| hasRecitalsCount |
173
→
|
| jurisdiction |
European Economic Area
→
European Union → |
| language |
all official languages of the European Union
→
|
| legalBasisForProcessing |
compliance with a legal obligation
→
consent → legitimate interests pursued by the controller or a third party → performance of a contract → performance of a task carried out in the public interest → protection of vital interests → |
| regulationNumber |
Regulation (EU) 2016/679
→
|
| replaced |
Data Protection Directive 95/46/EC
→
|
| requires |
appointment of a data protection officer in specific circumstances
→
data breach notification to data subjects in certain cases → data breach notification to supervisory authority → data protection by design and by default → data protection impact assessments → records of processing activities → |
| subjectMatter |
free movement of personal data
→
protection of natural persons with regard to the processing of personal data → |
Referenced by (6)
| Subject (surface form when different) | Predicate |
|---|---|
|
Information Commissioner’s Office
("UK General Data Protection Regulation")
→
|
appliesStatutoryRegulation |
|
GDPR
("General Data Protection Regulation")
→
|
fullName |
|
GDPR
("Regulation (EU) 2016/679")
→
|
regulationNumber |
|
CCPA
→
|
relatedTo |
|
Microsoft Azure
→
|
supportsComplianceStandard |
|
Google Ad Manager
→
|
supportsPrivacyFramework |