GDPR
Definition
General Data Protection Regulation (Regulation (EU) 2016/679): the EU law, applicable since 25 May 2018 and also in force across the EEA, that governs how organizations process the personal data of individuals, defines data subjects' privacy rights (access, rectification, erasure, portability, objection), and imposes obligations on both controllers and processors.
Use Cases
- Google: Helping users control and delete personal data to meet GDPR rights such as access and erasure — Expanded privacy controls like Google Account data management features (e.g., data download and deletion controls) and updated consent and transparency notices for EU users (Improved user-facing privacy controls and clearer disclosures to support GDPR requirements around transparency and user rights)
- Meta: Updating user consent and privacy disclosures for EU/EEA users under GDPR requirements — Rolled out updated privacy policies, consent flows, and user controls related to data processing and advertising preferences for European users (More explicit disclosures and user controls intended to align data processing with GDPR principles such as transparency and lawful basis)
- Microsoft: Supporting enterprise customers with GDPR-aligned data protection and compliance capabilities in cloud services — Published GDPR-related documentation and contractual commitments (e.g., data protection terms) and provided product features for auditing, eDiscovery, retention, and access control in Microsoft cloud offerings (Enabled customers to use built-in governance and security features to implement GDPR controls such as access logging, retention, and data subject request workflows)
Frequently Asked Questions
- What's the difference between GDPR and ISO 27001?
- GDPR is a law focused on protecting personal data and privacy rights in the EU/EEA, including rules such as lawful basis, purpose limitation, data minimization, and data subject rights. ISO 27001 is a voluntary, certifiable international standard for building and operating an information security management system (ISMS). The two overlap only in part: GDPR Article 32 requires "appropriate technical and organisational measures" for the security of processing, and an ISO 27001 ISMS is a common way to implement and evidence those measures. Certification says nothing about lawful basis, transparency, retention limits, or handling data subject requests, so ISO 27001 does not by itself make you GDPR-compliant.
- When do I need to comply with GDPR?
- GDPR's territorial scope (Article 3) covers two situations. First, if you are established in the EU/EEA and process personal data in the context of that establishment, the regulation applies regardless of where the processing takes place or where the individuals are. Second, if you are established outside the EU/EEA, it applies when you offer goods or services (paid or free) to individuals in the EU/EEA or monitor their behaviour there, for example through website analytics, profiling, or targeted advertising. The test is whether the individuals are in the EU/EEA, not their citizenship or residency, and it applies to processors as well as controllers. In practice, if your app or website has EU/EEA users, assess GDPR obligations early and design data handling, consent, and user-rights processes accordingly.
- How much does GDPR compliance cost?
- There is no fixed fee to "use GDPR." Costs depend on your organization and risk profile: the amount and sensitivity of personal data, the number of systems and vendors involved, whether you must appoint a Data Protection Officer (DPO) (mandatory under Article 37 for public authorities and for organizations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special-category or criminal-conviction data), and the effort to implement controls (data mapping, consent management, security measures, logging, retention, and DSAR workflows). You may also incur legal, consulting, training, and tooling costs (e.g., consent management platforms, data discovery, and security monitoring). Non-compliance carries its own cost: administrative fines can reach 4% of annual worldwide turnover or EUR 20 million, whichever is higher.
Category: security
Difficulty: intermediate
Related Terms
See Also