

GDPR Data Protection Regulation
European Union
2016
Privacy
Overview
Key Obligations
- Obtain clear and informed consent before processing personal data
- Maintain records of processing activities and conduct Data Protection Impact Assessments (DPIAs)
- Appoint a Data Protection Officer (DPO) in specific cases
- Notify supervisory authorities of data breaches within 72 hours
- Uphold data subject rights including access, correction, deletion, and portability
- Ensure lawful cross-border data transfers through mechanisms like Standard Contractual Clauses (SCCs) or adequacy decisions
FAQ
Who does the GDPR apply to?
Any organization inside or outside the EU that processes personal data of EU residents for business or monitoring purposes.
What are the penalties for non-compliance?
Fines can reach €20 million or 4% of global annual turnover, whichever is higher.
Is consent always required to process data?
No. GDPR permits six lawful bases for processing, including contractual necessity, legal obligation, and legitimate interests.
Does GDPR cover both personal and sensitive data?
Yes. It applies to any information that can identify a person, with stricter rules for special categories like health, race, and biometric data.