GDPR

Definition

General Data Protection Regulation - European law governing data protection, privacy rights, and data processing for individuals.

Frequently Asked Questions

What's the difference between GDPR and ISO 27001?
GDPR is a law focused on protecting personal data and privacy rights in the EU/EEA, including rules such as lawful basis for processing, data minimization, and data subject rights. ISO 27001 is a voluntary security standard for building an information security management system (ISMS). ISO 27001 can help you improve security controls, but it does not automatically make you GDPR-compliant.

When do I need to comply with GDPR?
You need to comply if you process personal data of people in the EU/EEA in many common scenarios, for example if you offer goods or services to EU/EEA residents or monitor their behavior (such as website analytics or targeted advertising). In practice, if your app or website has EU/EEA users, you should assess GDPR obligations early and design data handling, consent, and user-rights processes accordingly.

How much does GDPR compliance cost?
There is no fixed fee to "use GDPR." Costs depend on your organization and risk profile, such as the amount and sensitivity of personal data, the number of systems and vendors involved, whether you need a Data Protection Officer (DPO), and the effort to implement controls (data mapping, consent management, security measures, logging, retention, and data subject access request (DSAR) workflows). You may also incur legal, consulting, training, and tooling costs (e.g., consent management platforms, data discovery, and security monitoring).

Category: security

Difficulty: intermediate
