Introduction to the General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is the European Union’s core data privacy law, applicable since May 25, 2018.

It governs the processing of personal data of individuals in the EU and EEA. It binds organizations established in the EU and also organizations outside it that offer goods or services to people in the EU or monitor their behaviour, so an organization's location alone does not put it out of scope.

The regulation seeks to uphold the fundamental right to privacy by enforcing high standards for transparency, consent, and data security.

It applies to both Data Controllers (who determine the purposes and means of processing) and Data Processors (who process personal data on behalf of, and on the documented instructions of, a controller).

GDPR mandates data protection by design and by default (Article 25), requiring safeguards such as pseudonymization and data minimization to be built into systems and processes from the outset rather than added afterward.

It emphasizes accountability, requiring documented compliance, impact assessments, and clear governance practices.

Key Roles Under GDPR

1. Data Subject: The individual whose personal data is being collected, stored, or processed. GDPR gives data subjects rights to access, correct, erase, restrict, port, and object to the processing of their data.

2. Data Controller: The organization or individual who determines the purposes and means of processing personal data. Controllers bear primary responsibility for compliance and must be able to demonstrate it.

3. Data Processor: Any party, typically a third-party vendor or service provider, that processes personal data on behalf of the controller. Processors must act only on the controller's documented instructions and are bound by a written contract (Article 28) as well as their own direct obligations under GDPR, such as security of processing and breach notification to the controller.

4. Supervisory Authority: The national data protection authority responsible for monitoring compliance, handling complaints, investigating breaches, and enforcing GDPR within each EU member state.

5. Data Protection Officer (DPO): A role that is mandatory for public authorities and for organizations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special-category data. The DPO oversees GDPR compliance, advises on DPIAs, and serves as the contact point for regulators and data subjects.

Penalties for Non-Compliance

The Regulation sets two tiers of administrative fines (Article 83), each capped at the higher of a fixed amount or a percentage of the undertaking's total worldwide annual turnover for the preceding financial year:

1. Tier 1 Fines: Up to €10 million or 2% of worldwide annual turnover, whichever is higher, for breaches of controller and processor obligations such as record-keeping, security of processing, breach notification to the supervisory authority, and DPO requirements.

2. Tier 2 Fines: Up to €20 million or 4% of worldwide annual turnover, whichever is higher, for the most serious violations: breaching the basic principles of processing (including the conditions for consent), infringing data subjects' rights, unlawful international transfers, or failing to comply with an order from a supervisory authority.

3. Other Consequences: Reputational damage, litigation risk (including compensation claims by data subjects under Article 82), and operational disruption during investigations or audits.

How GoTrust Helps in Complying with GDPR

| GDPR Requirement | How GoTrust Helps |
|---|---|
| Consent Management | Allows granular, purpose-based consent collection with multilingual support and timestamped audit trails. |
| Data Discovery & Classification | Auto-discovers personal data across databases, files, cloud, and endpoints; classifies data based on sensitivity and context. |
| Data Minimization & Purpose Limitation | Tags data with processing purpose, retention limits, and legal basis to ensure use is limited and lawful. |
| Rights of the Data Subject (DSARs) | Enables intake, verification, and resolution of requests for access, correction, erasure, and data export. |
| RoPA (Records of Processing Activities) | Maintains and updates process maps linked to business units, systems, and legal bases, ready for audits. |
| Legal Basis Governance | Ensures that each data processing activity has a valid legal justification and flags conflicts or mismatches. |
| DPIA Automation | Provides standardized templates and workflows for conducting DPIAs for high-risk processing activities. |
| Breach Notification & Incident Handling | Centralized breach log, impact analysis, and notification workflows to meet the 72-hour reporting obligation to the supervisory authority. |
| Third-Party Risk & DPA Management | Maintains vendor lists, monitors data sharing agreements, and assesses third-party compliance readiness. |
| Audit-Ready Reporting & Dashboards | Custom dashboards for compliance teams, showing status, gaps, and risk exposure across privacy domains. |
| Data Retention & Storage Controls | Enforces data retention policies, monitors data aging, and supports defensible deletion to meet the storage limitation principle. |

Ready to get started?

Request a free demo today to see how GoTrust can guide your trust transformation journey 

GoTrust Knowledge Hub

Stay informed with insights, updates, and expert perspectives on data privacy, compliance, and digital trust.
