GDPR (General Data Protection Regulation) is the EU's comprehensive rulebook for protecting the personal data of people in the EU — and it can reach businesses outside the EU that serve EU users. It requires a lawful basis (e.g. consent), clear purpose, data minimization, data-subject rights (access/erasure), and breach notification to the authority (generally within 72 hours), with heavy fines for serious violations. The technical gist: collect and hold only the personal data you need, protect it, and be able to detect and report a breach quickly.