Definition: GDPR (General Data Protection Regulation)

The General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy regulation enacted by the European Union (EU) and implemented in 2018. It governs the collection, processing, storage, use, and security of personal data belonging to individuals residing within the EU and the European Economic Area (EEA).

Key Aspects:

  • Scope: Applies to any organization processing the personal data of EU/EEA residents, regardless of the organization's location.
  • Core Principles: Emphasizes principles like lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.
  • Individual Rights: Grants specific rights to individuals (data subjects) regarding their personal data, including rights of access, rectification, erasure (Right to be Forgotten), portability, and objection to processing.
  • Relevance: Significantly impacts how organizations manage data throughout its lifecycle, including strategies for data storage, archiving, migration, and application retirement. Organizations need capabilities to locate, manage, export, and delete personal data upon request. Helix services and tools often operate within environments requiring GDPR compliance (p16, p41, p46, p70).