Governance
GDPR
Quick Definition
General Data Protection Regulation — the European Union regulation governing the collection, processing, storage, and transfer of personal data of EU residents.
Detailed Explanation
GDPR establishes rights for data subjects (access, rectification, erasure, portability), obligations for data controllers and processors (lawful basis, privacy by design, breach notification), and enforcement mechanisms (fines up to €20 million or 4% of global revenue).
Key principles include purpose limitation (collect data only for specified purposes), data minimisation (collect only what's necessary), and storage limitation (don't keep data longer than needed).
GDPR applies to any organisation that processes EU residents' data, regardless of where the organisation is located. It has inspired similar legislation worldwide (CCPA, LGPD, POPIA).
Relevant Frameworks
GDPR
ISO 27701