General Data Protection Regulation
15 articles available
A GDPR compliance checklist covers data mapping, lawful basis documentation, privacy policies, consent management, data subject rights procedures, security measures, Data Protection Impact Assessments, breach notification processes, and vendor agreements.
A Data Protection Impact Assessment (DPIA) is a process required under GDPR Article 35 to identify and minimize privacy risks of data processing activities that are likely to result in high risk to individuals' rights and freedoms.
GDPR and the ePrivacy Directive require websites to obtain informed, specific consent before setting non-essential cookies. This means no pre-ticked boxes, no cookie walls, and giving users a genuine choice to accept or reject each cookie category.
GDPR grants individuals eight key rights over their personal data: the right to be informed, access, rectification, erasure, restriction of processing, data portability, objection, and rights related to automated decision-making and profiling. Organizations must respond to a request within one month, extendable by up to two further months for complex or numerous requests if the individual is told of the extension within the first month.
GDPR consent must be freely given, specific, informed, and unambiguous. It requires a clear affirmative action (no pre-ticked boxes), must be as easy to withdraw as to give, and organizations must keep records proving valid consent was obtained.
GDPR requires controllers to notify their supervisory authority of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms; a late notification must be accompanied by reasons for the delay. If the breach is likely to pose a high risk to individuals, those individuals must also be notified without undue delay, and processors must report breaches to the controller without undue delay.
A Data Processing Agreement (DPA) is a legally required contract under GDPR Article 28 between a data controller and data processor that defines how personal data will be processed, what security measures apply, and each party's obligations.
US companies must comply with GDPR if they offer goods or services to individuals in the EU or monitor their behavior there, even with no physical presence in the EU. Such non-EU companies generally must also designate an EU representative under Article 27, subject to limited exemptions for occasional, low-risk processing.
SaaS companies typically act as data processors under GDPR and must implement appropriate security measures, sign DPAs with customers, maintain processing records, and support customers in fulfilling data subject rights requests.