ISpectra Technologies
Privacy · EU Regulation

What is GDPR?

The EU regulation governing how organisations process the personal data of EU residents — with rights for individuals and heavy penalties for breaches.

Definition

The GDPR (General Data Protection Regulation) is the EU’s comprehensive data-protection law. It governs how organisations collect, use, store and share the personal data of people in the EU, and grants individuals strong rights over their data — including access, correction, deletion and portability.

It applies extraterritorially: any organisation anywhere that offers goods or services to, or monitors, EU residents must comply. Penalties can reach €20 million or 4% of global annual turnover.

Key GDPR principles & obligations

1

Lawful basis

A valid legal ground for every processing activity.

2

Data-subject rights

Access, rectification, erasure and portability.

3

DPIAs

Assess risk for high-risk processing activities.

4

Data Protection Officer

Appoint a DPO where required.

5

Breach notification

Report to authorities within 72 hours.

6

International transfers

Safeguards for moving data outside the EU.

Who needs to comply?

Any organisation — regardless of location — that processes the personal data of individuals in the EU, whether as a controller or a processor.

How ISpectra helps

ISpectra operationalises GDPR — data mapping, lawful-basis and consent management, DPIAs, DPO support and breach-response playbooks — so you meet your obligations and can evidence them to regulators and customers.

Talk to an advisor