GDPR
In Simple Terms
The EU's comprehensive data protection law that governs how organizations collect, process, and store personal data of individuals in the EU.
Formal Legal Definition
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Practical Example
A law firm must obtain consent or have another legal basis before processing client data, provide privacy notices, and report data breaches to authorities within 72 hours.
Why It Matters
The GDPR applies to any organization worldwide that processes EU residents' data, with fines up to 4% of global annual turnover for violations.
Common Misunderstandings
GDPR does not prohibit data processing — it requires a lawful basis. Consent is just one of six legal bases; legitimate interest and contractual necessity are equally valid.
How snowLEX helps with GDPR
snowLEX can answer complex GDPR compliance questions, find relevant DPA decisions, and explain how specific GDPR provisions have been interpreted in case law.