GDPR
Also known as: general data protection regulation
The EU regulation that governs how organisations collect, store and process personal data.
The General Data Protection Regulation took effect in 2018 and applies to any organisation that processes the personal data of people in the EU, regardless of where the organisation is based.
Key ideas: data collection needs a lawful basis (often consent), users have rights to access, correct and delete their data, and serious breaches must be reported within 72 hours. Fines can reach 4% of global turnover. The UK retained equivalent rules post-Brexit (UK GDPR).
Related terms
The pop-up asking permission to set cookies, required in jurisdictions like the EU and UK.
California's data-privacy law giving residents rights over how businesses collect and sell their data.
The ability to control what information about you is collected, shared and inferred online.
