NovaBlockNovaBlock
All terms

GDPR

Also known as: general data protection regulation

The EU regulation that governs how organisations collect, store and process personal data.

Updated 15 January 2026

The General Data Protection Regulation took effect in 2018 and applies to any organisation that processes the personal data of people in the EU, regardless of where the organisation is based.

Key ideas: data collection needs a lawful basis (often consent), users have rights to access, correct and delete their data, and serious breaches must be reported within 72 hours. Fines can reach 4% of global turnover. The UK retained equivalent rules post-Brexit (UK GDPR).

Related terms