
GDPR

The General Data Protection Regulation - EU law governing the processing of personal data of individuals, in force since 25 May 2018.

What is GDPR?

GDPR (General Data Protection Regulation) - known in Poland as RODO (Rozporządzenie o Ochronie Danych Osobowych) - is Regulation (EU) 2016/679 of the European Parliament and of the Council, which has governed the processing of personal data of natural persons within the European Union since 25 May 2018. As a regulation, GDPR applies directly in all EU member states without requiring national transposition.

The regulation defines key data processing principles: lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. It also introduces data subject rights: right of access, rectification, erasure (right to be forgotten), data portability, objection and restriction of processing.

From a cybersecurity perspective, GDPR imposes an obligation to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (Article 32), and an obligation to notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it (Article 33).

Why does it matter?

GDPR provides for fines of up to EUR 20 million or 4% of annual global turnover for the most serious violations. These fines are actively enforced - organisations across Europe have received penalties running into millions of euros. For organisations processing personal data, GDPR is therefore not only a legal requirement but also a driver for implementing fundamental security practices: encryption, access control, monitoring, and incident response procedures.
