GDPR Data Protection Regulation

European Union

2016

Privacy

Overview

The General Data Protection Regulation (GDPR) is the European Union’s comprehensive privacy law, enacted in 2016 and enforced from May 25, 2018. It governs the collection, processing, and transfer of personal data within the EU and for any entity handling EU residents’ data, regardless of location.

GDPR introduces strict requirements for data controllers and processors, including transparency, lawful basis for processing, individual rights, breach notification, and accountability. It empowers individuals with rights such as access, rectification, erasure, data portability, and objection to profiling. The law applies to technology companies, banks, insurers, healthcare providers, retailers, cloud service providers, and government agencies handling personal data of EU residents.

Key Obligations

Obtain clear and informed consent before processing personal data
Maintain records of processing activities and conduct Data Protection Impact Assessments (DPIAs)
Appoint a Data Protection Officer (DPO) in specific cases

Notify supervisory authorities of data breaches within 72 hours
Uphold data subject rights including access, correction, deletion, and portability
Ensure lawful cross-border data transfers through mechanisms like SCCs or adequacy decisions

FAQ

Related Regulations

EU-U.S. Data Privacy Framework

EU Data Act Regulation

UK GDPR Data Protection Act

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Identity Verification

Use facial match and liveness checks paired with government ID verification to make sure the person holding the document is the person you're onboarding.

One Touch KYC

Simplify the Know Your Customer (KYC) process with AI and sophisticated fraud detection algorithms to provide a seamless, efficient, and highly secure user verification.