What is GDPR?
The EU regulation governing how organisations process the personal data of EU residents — with rights for individuals and heavy penalties for breaches.
Definition
The GDPR (General Data Protection Regulation) is the EU’s comprehensive data-protection law. It governs how organisations collect, use, store and share the personal data of people in the EU, and grants individuals strong rights over their data — including access, correction, deletion and portability.
It applies extraterritorially: any organisation anywhere that offers goods or services to, or monitors, EU residents must comply. Penalties can reach €20 million or 4% of global annual turnover.
Key GDPR principles & obligations
Lawful basis
A valid legal ground for every processing activity.
Data-subject rights
Access, rectification, erasure and portability.
DPIAs
Assess risk for high-risk processing activities.
Data Protection Officer
Appoint a DPO where required.
Breach notification
Report to authorities within 72 hours.
International transfers
Safeguards for moving data outside the EU.
Who needs to comply?
Any organisation — regardless of location — that processes the personal data of individuals in the EU, whether as a controller or a processor.
How ISpectra helps
ISpectra operationalises GDPR — data mapping, lawful-basis and consent management, DPIAs, DPO support and breach-response playbooks — so you meet your obligations and can evidence them to regulators and customers.
Talk to an advisor