GDPR (174 Procedures)

The General Data Protection Regulation (GDPR) was introduced by the European Union in 2016 and implemented in 2018, with the goal of harmonizing data privacy laws across Europe and reshaping the way organizations approach data privacy. Recognizing the increasing value and vulnerability of personal data in the digital age, GDPR aimed to give individuals greater control over their personal information and to simplify the regulatory environment for international business. This landmark legislation sought to address the challenges posed by rapid technological developments and globalization, which have profoundly changed the way data is collected, accessed, and used.

"GDPR embodies the ethical imperative to respect individual privacy as a fundamental right, fostering trust and responsible innovation through accountable and transparent data practices."

GDPR's conception was driven by the need to update and strengthen the EU's data protection framework, replacing the outdated Data Protection Directive from 1995. It introduced a range of new rights for individuals, including the right to be informed, the right of access, the right to rectification, and the right to erasure (or 'right to be forgotten'). GDPR also imposed strict obligations on organizations, requiring them to implement appropriate technical and organizational measures to ensure data protection. By doing so, GDPR sought to create a culture of privacy by design and by default, where data protection is considered from the onset of designing systems, rather than as an afterthought.