Glossary/General Data Protection Regulation (GDPR)
EU 2016/679

General Data Protection Regulation (GDPR)

The EU's comprehensive data protection law that governs how personal data of EU residents must be collected, stored, and processed.

The General Data Protection Regulation (GDPR), effective May 25, 2018, is the EU's primary data privacy law. It applies to any organization worldwide that processes the personal data of EU residents, regardless of where the business is located.

GDPR establishes core principles including: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; and integrity and confidentiality. Businesses must have a legal basis for processing — typically consent, contract, legal obligation, or legitimate interest.

Penalties for GDPR violations reach up to €20 million or 4% of global annual turnover, whichever is higher. Every business collecting data from EU users needs a GDPR-compliant privacy policy, cookie policy, and data processing agreements with vendors.

Related Terms
California Consumer Privacy Act (CCPA)Personal Information Protection and Electronic Documents Act (PIPEDA)Data Processing Agreement (DPA)Cookie ConsentPrivacy Policy
Put it into practice

Generate a EU 2016/679 policy in 60 seconds

Our AI drafts privacy policies, terms of service, and cookie policies that cover EU 2016/679 requirements — tailored to your business.

Draft Free PolicyBack to Glossary