General Data Protection Regulation (GDPR)
The EU's comprehensive data protection law that governs how personal data of EU residents must be collected, stored, and processed.
The General Data Protection Regulation (GDPR), effective May 25, 2018, is the EU's primary data privacy law. It applies to any organization worldwide that processes the personal data of EU residents, regardless of where the business is located.
GDPR establishes core principles including: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; and integrity and confidentiality. Businesses must have a legal basis for processing — typically consent, contract, legal obligation, or legitimate interest.
Penalties for GDPR violations reach up to €20 million or 4% of global annual turnover, whichever is higher. Every business collecting data from EU users needs a GDPR-compliant privacy policy, cookie policy, and data processing agreements with vendors.
Générez une politique EU 2016/679 en 60 secondes
Notre IA rédige des politiques de confidentialité, des conditions d'utilisation et des politiques de cookies qui couvrent les exigences EU 2016/679 — adaptées à votre entreprise.