FAQ resource for What is GDPR in a nutshell?.
Answer
The General Data Protection Regulation (GDPR) is an EU law that governs how organizations collect, process, and store the personal data of people in the EU and EEA, regardless of where the organization is based. It grants individuals rights such as access, correction, deletion ("right to be forgotten"), and portability, and requires a lawful basis for processing, data-protection-by-design, and breach notification within 72 hours. Non-compliance can incur fines of up to 20 million euros or 4% of global annual revenue, whichever is higher.