The General Data Protection Regulation (GDPR) is the European Union's comprehensive data protection framework, replacing the 1995 Data Protection Directive. It establishes strict requirements for how organizations collect, process, store, and share personal data of individuals in the EU and EEA.
GDPR grants data subjects specific rights including the right to access, rectification, erasure ("right to be forgotten"), data portability, and the right to object to automated decision-making. Organizations must demonstrate a lawful basis for processing (consent, contractual necessity, legitimate interest, legal obligation, vital interest, or public task) and implement appropriate technical and organizational safeguards.
Enforcement is carried out by national Data Protection Authorities coordinated through the European Data Protection Board. Penalties can reach up to €20 million or 4% of global annual turnover, whichever is higher — making GDPR one of the most consequential regulatory frameworks for platform governance globally.