[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$friL4B0fv9peawTaTyEW3gslURb7nEyqRUAYS8R66ykI":3},{"tableOfContents":4,"markDownContent":5,"htmlContent":6,"metaTitle":7,"metaDescription":8,"wordCount":9,"readTime":10,"title":11,"nbDownloads":12,"excerpt":13,"lang":14,"url":15,"intro":16,"featured":4,"state":17,"author":18,"authorId":19,"datePublication":23,"dateCreation":24,"dateUpdate":25,"mainCategory":26,"categories":42,"metaDatas":48,"imageUrl":49,"imageThumbUrls":50,"id":58},false,"## Definition of the GDPR\r\n\r\nThe GDPR, or General Data Protection Regulation, is a European Union regulation aimed at protecting individuals' personal data. It came into effect on May 25, 2018 and establishes strict rules for the collection, processing, and storage of data, as well as penalties for non-compliance. Its goal is to harmonize data protection practices across the EU and ensure the confidentiality and security of personal information.\r\n\r\nThe full text of the regulation can be downloaded from this [**link**](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679).\r\n\r\n## What is the objective of the GDPR?\r\n\r\n![GDPR](https://static.dastra.eu/richtextbackoffice/fb17f391-d4ed-4b57-8f7e-db1896547936/rgpd-4-original.png)\r\n\r\nThe GDPR aims to give individuals more control over their [personal data](https://www.dastra.eu/en/guide/personal-data/382) and to instill greater trust in how businesses and institutions handle this data. Key principles at the heart of the GDPR are designed to protect privacy and individuals' rights.\r\n\r\n> **3 Objectives:**\r\n* Enhancing individuals' rights\r\n* Encouraging responsibility for data-handling stakeholders\r\n* Increasing the legitimacy of regulation through closer collaboration between data protection authorities\r\n\r\n## Who is affected by the GDPR?\r\n\r\nThe GDPR applies to any organization, regardless of size or geographic location:\r\n- located within the European Economic Area (EU + Liechtenstein + Norway + Iceland). or\r\n- collecting, processing, or storing personal data of individuals located within the European Economic Area (EU + Liechtenstein + Norway + Iceland).\r\n\r\nThis includes:\r\n* companies\r\n* non-profit organizations\r\n* governmental institutions\r\n* marketing agencies\r\n* online service providers\r\n* and any other entity processing personal data in the course of their commercial activities or interactions with individuals from the EU.\r\n* Additionally, the GDPR also applies to processors and service providers handling personal data on behalf of an organization subject to the regulation.\r\n\r\nIn summary, any entity that handles personal data of EU citizens must comply with the provisions of the GDPR.\r\n\r\n## Legal bases, including consent\r\n\r\nOne of the key aspects of the GDPR is the requirement for a [legal basis](https://www.dastra.eu/en/guide/legal-basis-for-gdpr/2495) to process data, which includes [consent](https://www.dastra.eu/en/guide/consent/1494). In certain cases, organizations must obtain clear and specific consent from individuals before collecting and processing their personal data. This consent must be freely given, informed, and revocable at any time by the individual. Six legal bases allow for the processing of personal data:\r\n\r\n- consent\r\n- legitimate interests\r\n- vital interests\r\n- public interest\r\n- legal obligation\r\n- contract\r\n\r\n## Rights of individuals\r\n\r\nThe regulation also grants individuals a number of rights regarding their personal data. These include the [right of access](https://www.dastra.eu/en/guide/right-of-access/52264), allowing individuals to know what data is held about them, and the [right to data portability](https://www.dastra.eu/en/guide/right-to-data-portability/52271), enabling them to easily transfer their data from one service to another.\r\n\r\n## Responsibility\r\n\r\nAnother key provision of the GDPR is the principle of organizational responsibility and transparency. Companies must be able to demonstrate their compliance with the GDPR by implementing data protection measures and maintaining detailed records of their data processing activities.\r\n\r\n## GDPR sanctions\r\n\r\nThe GDPR also introduces severe penalties for non-compliance. Data protection authorities are empowered to impose fines of up to 4% of a company's annual global turnover or €20 million, whichever is higher.\r\n\r\nThe GDPR aims to create an environment where individuals have control over their own data and organizations handle this data in a responsible and ethical manner.\r\n\r\nWhile its implementation may pose a challenge for many businesses, the GDPR represents a significant step towards better privacy protection and individual rights in the digital age.\r\n\r\n![GDPR sanction](https://static.dastra.eu/richtextbackoffice/73b628da-16f2-4eed-848b-5f0a911d6bf8/rgpd-5-original.png)\r\n\r\n## Dastra GDPR Software\r\n\r\nWant to comply with the GDPR? Dastra software offers many features to help you meet data protection standards.\r\nTo find out more, [contact one of our experts](https://www.dastra.eu/en/contacts/demo) !","\u003Ch2 id=\"definition-of-the-gdpr\">Definition of the GDPR\u003C/h2>\r\n\u003Cp>The GDPR, or General Data Protection Regulation, is a European Union regulation aimed at protecting individuals' personal data. It came into effect on May 25, 2018 and establishes strict rules for the collection, processing, and storage of data, as well as penalties for non-compliance. Its goal is to harmonize data protection practices across the EU and ensure the confidentiality and security of personal information.\u003C/p>\r\n\u003Cp>The full text of the regulation can be downloaded from this \u003Ca href=\"https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679\" rel=\"nofollow\">\u003Cstrong>link\u003C/strong>\u003C/a>.\u003C/p>\r\n\u003Ch2 id=\"what-is-the-objective-of-the-gdpr\">What is the objective of the GDPR?\u003C/h2>\r\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtextbackoffice/fb17f391-d4ed-4b57-8f7e-db1896547936/rgpd-4-original.png\" alt=\"GDPR\" />\u003C/p>\r\n\u003Cp>The GDPR aims to give individuals more control over their \u003Ca href=\"https://www.dastra.eu/en/guide/personal-data/382\">personal data\u003C/a> and to instill greater trust in how businesses and institutions handle this data. Key principles at the heart of the GDPR are designed to protect privacy and individuals' rights.\u003C/p>\r\n\u003Cblockquote>\r\n\u003Cp>\u003Cstrong>3 Objectives:\u003C/strong>\u003C/p>\r\n\u003C/blockquote>\r\n\u003Cul>\r\n\u003Cli>Enhancing individuals' rights\u003C/li>\r\n\u003Cli>Encouraging responsibility for data-handling stakeholders\u003C/li>\r\n\u003Cli>Increasing the legitimacy of regulation through closer collaboration between data protection authorities\u003C/li>\r\n\u003C/ul>\r\n\u003Ch2 id=\"who-is-affected-by-the-gdpr\">Who is affected by the GDPR?\u003C/h2>\r\n\u003Cp>The GDPR applies to any organization, regardless of size or geographic location:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>located within the European Economic Area (EU + Liechtenstein + Norway + Iceland). or\u003C/li>\r\n\u003Cli>collecting, processing, or storing personal data of individuals located within the European Economic Area (EU + Liechtenstein + Norway + Iceland).\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>This includes:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>companies\u003C/li>\r\n\u003Cli>non-profit organizations\u003C/li>\r\n\u003Cli>governmental institutions\u003C/li>\r\n\u003Cli>marketing agencies\u003C/li>\r\n\u003Cli>online service providers\u003C/li>\r\n\u003Cli>and any other entity processing personal data in the course of their commercial activities or interactions with individuals from the EU.\u003C/li>\r\n\u003Cli>Additionally, the GDPR also applies to processors and service providers handling personal data on behalf of an organization subject to the regulation.\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>In summary, any entity that handles personal data of EU citizens must comply with the provisions of the GDPR.\u003C/p>\r\n\u003Ch2 id=\"legal-bases-including-consent\">Legal bases, including consent\u003C/h2>\r\n\u003Cp>One of the key aspects of the GDPR is the requirement for a \u003Ca href=\"https://www.dastra.eu/en/guide/legal-basis-for-gdpr/2495\">legal basis\u003C/a> to process data, which includes \u003Ca href=\"https://www.dastra.eu/en/guide/consent/1494\">consent\u003C/a>. In certain cases, organizations must obtain clear and specific consent from individuals before collecting and processing their personal data. This consent must be freely given, informed, and revocable at any time by the individual. Six legal bases allow for the processing of personal data:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>consent\u003C/li>\r\n\u003Cli>legitimate interests\u003C/li>\r\n\u003Cli>vital interests\u003C/li>\r\n\u003Cli>public interest\u003C/li>\r\n\u003Cli>legal obligation\u003C/li>\r\n\u003Cli>contract\u003C/li>\r\n\u003C/ul>\r\n\u003Ch2 id=\"rights-of-individuals\">Rights of individuals\u003C/h2>\r\n\u003Cp>The regulation also grants individuals a number of rights regarding their personal data. These include the \u003Ca href=\"https://www.dastra.eu/en/guide/right-of-access/52264\">right of access\u003C/a>, allowing individuals to know what data is held about them, and the \u003Ca href=\"https://www.dastra.eu/en/guide/right-to-data-portability/52271\">right to data portability\u003C/a>, enabling them to easily transfer their data from one service to another.\u003C/p>\r\n\u003Ch2 id=\"responsibility\">Responsibility\u003C/h2>\r\n\u003Cp>Another key provision of the GDPR is the principle of organizational responsibility and transparency. Companies must be able to demonstrate their compliance with the GDPR by implementing data protection measures and maintaining detailed records of their data processing activities.\u003C/p>\r\n\u003Ch2 id=\"gdpr-sanctions\">GDPR sanctions\u003C/h2>\r\n\u003Cp>The GDPR also introduces severe penalties for non-compliance. Data protection authorities are empowered to impose fines of up to 4% of a company's annual global turnover or €20 million, whichever is higher.\u003C/p>\r\n\u003Cp>The GDPR aims to create an environment where individuals have control over their own data and organizations handle this data in a responsible and ethical manner.\u003C/p>\r\n\u003Cp>While its implementation may pose a challenge for many businesses, the GDPR represents a significant step towards better privacy protection and individual rights in the digital age.\u003C/p>\r\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtextbackoffice/73b628da-16f2-4eed-848b-5f0a911d6bf8/rgpd-5-original.png\" alt=\"GDPR sanction\" />\u003C/p>\r\n\u003Ch2 id=\"dastra-gdpr-software\">Dastra GDPR Software\u003C/h2>\r\n\u003Cp>Want to comply with the GDPR? Dastra software offers many features to help you meet data protection standards.\r\nTo find out more, \u003Ca href=\"https://www.dastra.eu/en/contacts/demo\">contact one of our experts\u003C/a> !\u003C/p>\r\n","\"What is GDPR? - Dastra\"","The GDPR, or General Data Protection Regulation, is a European Union regulation aimed at protecting the personal data of individuals.",642,4,"What is the GDPR?",0,null,"en","what-is-the-gdpr","The GDPR, or General Data Protection Regulation, is a European Union regulation aimed at protecting individuals' personal data.","Published",{"id":19,"displayName":20,"avatarUrl":21,"bio":13,"blogUrl":13,"color":13,"userId":19,"creationDate":22},10458,"Marine Boquien","https://static.dastra.eu/tenant-19/avatar/10458/logo-icon-primary-150.png","2023-10-02T14:39:10","2024-04-30T07:00:00","2024-04-30T06:53:55.7887407","2024-04-30T07:08:52.0727339",{"id":27,"name":28,"description":29,"url":30,"color":31,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":12,"translations":32},2,"Blog","A list of curated articles provided by the community","blog","#28449a",[33,36,39],{"lang":34,"name":28,"description":35},"fr","Une liste d'articles rédigés par la communauté",{"lang":37,"name":28,"description":38},"es","Una lista de artículos escritos por la comunidad",{"lang":40,"name":28,"description":41},"de","Eine Liste von Artikeln, die von der Community verfasst wurden",[43],{"id":27,"name":28,"description":29,"url":30,"color":31,"parentId":13,"count":13,"imageUrl":13,"parent":13,"order":12,"translations":44},[45,46,47],{"lang":34,"name":28,"description":35},{"lang":37,"name":28,"description":38},{"lang":40,"name":28,"description":41},[],"https://static.dastra.eu/content/302ca6d4-34dc-4895-8539-a122909de0ff/crer-un-registre-des-traitements-7-original.png",[51,52,53,54,55,56,57],"https://static.dastra.eu/content/302ca6d4-34dc-4895-8539-a122909de0ff/crer-un-registre-des-traitements-7-1000.webp","https://static.dastra.eu/content/302ca6d4-34dc-4895-8539-a122909de0ff/crer-un-registre-des-traitements-7.webp","https://static.dastra.eu/content/302ca6d4-34dc-4895-8539-a122909de0ff/crer-un-registre-des-traitements-7-1500.webp","https://static.dastra.eu/content/302ca6d4-34dc-4895-8539-a122909de0ff/crer-un-registre-des-traitements-7-800.webp","https://static.dastra.eu/content/302ca6d4-34dc-4895-8539-a122909de0ff/crer-un-registre-des-traitements-7-600.webp","https://static.dastra.eu/content/302ca6d4-34dc-4895-8539-a122909de0ff/crer-un-registre-des-traitements-7-300.webp","https://static.dastra.eu/content/302ca6d4-34dc-4895-8539-a122909de0ff/crer-un-registre-des-traitements-7-100.webp",57249]