Beanie Bo
Bananabot
Added archive URLs for 6 citation(s) using CRWCitationBot
 
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
The '''[[wikipedia:General_Data_Protection_Regulation|General Data Protection Regulation]]''' (GDPR) is the European Union's comprehensive data privacy and security law that went into effect on May 25, 2018.<ref>[https://gdpr.eu/what-is-gdpr/ "What is GDPR, the EU’s new data protection law?"] - gdpr.eu - 25 May 2018</ref> The regulation applies to any organization worldwide that processes data related to EU residents, regardless of the organization's location. It represents the world's most stringent approach to data protection, with potential fines for violations reaching up to €20 million or 4% of global revenue, whichever is higher.
The '''{{Wplink|General Data Protection Regulation}}''' (GDPR) is the European Union's comprehensive data privacy and security law that went into effect on May 25, 2018.<ref>[https://gdpr.eu/what-is-gdpr/ "What is GDPR, the EU’s new data protection law?"] - gdpr.eu - 25 May 2018 ([http://web.archive.org/web/20260128031436/https://gdpr.eu/what-is-gdpr/ Archived])</ref> The regulation applies to any organization worldwide that processes data related to EU residents, regardless of the organization's location. It represents the world's most stringent approach to data protection, with potential fines for violations reaching up to €20 million or 4% of global revenue, whichever is higher.


The regulation mandates several key requirements for organizations processing EU residents' personal data. These include obtaining explicit consent for data collection, ensuring data minimization and purpose limitation, implementing appropriate security measures, and honoring individuals' rights regarding their personal data. Organizations must also maintain detailed documentation of their data processing activities, report data breaches within 72 hours, and in some cases appoint Data Protection Officers. The regulation defines personal data broadly, encompassing everything from basic identifiers like names and email addresses to more complex data like location information, biometric data, and online identifiers.
The regulation mandates several key requirements for organizations processing EU residents' personal data. These include obtaining explicit consent for data collection, ensuring data minimization and purpose limitation, implementing appropriate security measures, and honoring individuals' rights regarding their personal data. Organizations must also maintain detailed documentation of their data processing activities, report data breaches within 72 hours, and in some cases appoint Data Protection Officers. The regulation defines personal data broadly, encompassing everything from basic identifiers like names and email addresses to more complex data like location information, biometric data, and online identifiers.
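Review bot: The archive link added to the gdpr.eu reference in the first paragraph uses the plain `http://web.archive.org/...` scheme while the cited source itself is linked over `https://`. Suggest emitting `https://web.archive.org/web/20260128031436/https://gdpr.eu/what-is-gdpr/` so the archived copy is not fetched over an unencrypted connection; the same applies to the other archive links this revision adds.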
Line 5: Line 5:
The GDPR has established a new global standard for data protection by codifying several fundamental principles, including transparency, accountability, and privacy by design. Organizations must not only comply with these principles but also be able to demonstrate their compliance through documentation and organizational measures. This comprehensive approach to data protection reflects the EU's position that privacy is a fundamental human right, building upon the privacy protections first established in the 1950 European Convention on Human Rights and updated for the digital age.
The GDPR has established a new global standard for data protection by codifying several fundamental principles, including transparency, accountability, and privacy by design. Organizations must not only comply with these principles but also be able to demonstrate their compliance through documentation and organizational measures. This comprehensive approach to data protection reflects the EU's position that privacy is a fundamental human right, building upon the privacy protections first established in the 1950 European Convention on Human Rights and updated for the digital age.


The United Kingdom still enforces the GDPR,<ref>https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/</ref> allowing persons physically located within the UK the ability to request data exports and deletions from online services.<ref>https://www.vpaa.uillinois.edu/resources/policies/u_of_i_system_and_international_privacy_laws/the_eu_and_uk_general_data_protection_regulations</ref>
The United Kingdom still enforces the GDPR,<ref>https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/ ([http://web.archive.org/web/20251230025316/https://ico.org.uk/for-organisations/data-protection-and-the-eu/data-protection-and-the-eu-in-detail/the-uk-gdpr/ Archived])</ref> allowing persons physically located within the UK the ability to request data exports and deletions from online services.<ref>https://www.vpaa.uillinois.edu/resources/policies/u_of_i_system_and_international_privacy_laws/the_eu_and_uk_general_data_protection_regulations ([http://web.archive.org/web/20251213031910/https://www.vpaa.uillinois.edu/resources/policies/u_of_i_system_and_international_privacy_laws/the_eu_and_uk_general_data_protection_regulations Archived])</ref>


==Summary==
==Summary==
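Review bot: Both references on the United Kingdom sentence are still bare URLs, now with only "(Archived)" appended, whereas the other references in this revision carry a quoted title, site name and date. Suggest giving the ico.org.uk and vpaa.uillinois.edu references the same title, site and date form, so a reader can tell what each source is without following the link and the archive link sits beside a labelled citation.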
Line 11: Line 11:
===Chapter 2: Principles===
===Chapter 2: Principles===


Chapter 2 of the GDPR addresses personal data, legal ways to process it, and consent of the user.<ref>[https://gdpr-info.eu/chapter-2/ "Chapter 2: Principles"] - gdpr-info.eu - 25 May 2018</ref>
Chapter 2 of the GDPR addresses personal data, legal ways to process it, and consent of the user.<ref>[https://gdpr-info.eu/chapter-2/ "Chapter 2: Principles"] - gdpr-info.eu - 25 May 2018 ([http://web.archive.org/web/20260117095156/https://gdpr-info.eu/chapter-2/ Archived])</ref>


====Article 5: Principles relating to processing of personal data====
====Article 5: Principles relating to processing of personal data====
Line 29: Line 29:
===Chapter 3: Rights of the data subject===
===Chapter 3: Rights of the data subject===


Chapter 3 of the GDPR covers transparency, information and access to personal data, the right to change, erase, or restrict processing of personal data, and the right to object.<ref>[https://gdpr-info.eu/chapter-3/ "Chapter 3: Rights of the data subject"] - gdpr-info.eu - 25 May 2018</ref>
Chapter 3 of the GDPR covers transparency, information and access to personal data, the right to change, erase, or restrict processing of personal data, and the right to object.<ref>[https://gdpr-info.eu/chapter-3/ "Chapter 3: Rights of the data subject"] - gdpr-info.eu - 25 May 2018 ([http://web.archive.org/web/20260117095030/https://gdpr-info.eu/chapter-3/ Archived])</ref>


====Article 17: Right to erasure (‘right to be forgotten’)====
====Article 17: Right to erasure (‘right to be forgotten’)====
''Main wiki: [https://gdprhub.eu/index.php?title=Article_17_GDPR Article 17 GDPR]''
''Main wiki: [https://gdprhub.eu/index.php?title=Article_17_GDPR Article 17 GDPR]''


Data subjects have the right to request erasure of their personal data by the data processor and the data processor is required to erase said data in a timely manner. This includes unnecessarily stored data, unlawfully processed data, and publically availabe information.
Data subjects have the right to request erasure of their personal data by the data processor and the data processor is required to erase said data in a timely manner. This includes unnecessarily stored data, unlawfully processed data, and publicly available information.


This article does not cover free of expression and information, public interest, archiving purposes, or legally-relevant information.
This article does not cover free of expression and information, public interest, archiving purposes, or legally-relevant information.
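Review bot: The unchanged sentence after the Article 17 paragraph still reads "free of expression and information", which appears to be missing a word. Since this revision already corrects "publically availabe" to "publicly available" in the paragraph directly above, suggest fixing this in the same pass to "freedom of expression and information".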
Line 52: Line 52:


===Chapter 4: Controller and processor===
===Chapter 4: Controller and processor===
Chapter 4 of the GDPR covers general obligations of controllers and processors of data, their security, impact assessments and responsibility.<ref>[https://gdpr-info.eu/chapter-4/ "Chapter 4: Controller and processor"] - gdpr-info.eu - 25 May 2018</ref>
Chapter 4 of the GDPR covers general obligations of controllers and processors of data, their security, impact assessments and responsibility.<ref>[https://gdpr-info.eu/chapter-4/ "Chapter 4: Controller and processor"] - gdpr-info.eu - 25 May 2018 ([http://web.archive.org/web/20260117095128/https://gdpr-info.eu/chapter-4/ Archived])</ref>


====Article 28: Processor====
====Article 28: Processor====
Line 60: Line 60:


==See also==
==See also==
 
*[[Consent-or-pay]]
*[[Digital Omnibus]]
*https://gdprhub.eu, a wiki summarizing GDPR-related decisions by authorities and courts across Europe
*https://gdprhub.eu, a wiki summarizing GDPR-related decisions by authorities and courts across Europe
*[[Consent-or-pay]]


==References==
==References==
<references />
<references />


[[Category:Common terms]]
[[Category:Pro-consumer articles]]
[[Category:Legislation]]
[[Category:Legislation]]
[[Category:EU legislation]]
[[Category:EU legislation]]