[
    {
        "role": "user",
        "content": "what%20is%20GDPR"
    },
    {
        "role": "assistant",
        "content": "The **GDPR** stands for the *General Data Protection Regulation*. It\u2019s a law from the European Union (EU) that sets strict rules on how personal data (information that identifies a person) must be handled, whether by organizations inside the EU or by those outside if they deal with EU residents\u2019 data. ([edpb.europa.eu](https://www.edpb.europa.eu/sme-data-protection-guide/faq-frequently-asked-questions/answer/what-gdpr_en?utm_source=openai))\n\n---\n\n## Key Facts\n\n- The GDPR was adopted in **April 2016** and became enforceable on **May 25, 2018**, replacing the older EU Data Protection Directive from 1995. ([techtarget.com](https://www.techtarget.com/whatis/definition/General-Data-Protection-Regulation-GDPR?utm_source=openai))  \n- Its goals are to give individuals more control over their personal data, establish consistent data protection laws across the EU, and ensure better privacy and security in a rapidly digitizing world. ([recordinglaw.com](https://www.recordinglaw.com/world-laws/world-data-privacy-laws/eu-data-privacy-laws/what-is-gdpr/?utm_source=openai))\n\n---\n\n## Who It Affects\n\n- **Data Controllers and Processors**: Anyone who collects, stores, processes, or shares personenbezogene Daten\u2014this could be businesses, government agencies, nonprofits. ([ibm.com](https://www.ibm.com/products/cloud/compliance/gdpr?utm_source=openai))  \n- **Organizations both inside and outside the EU**: Even if a company is based outside the EU, GDPR rules apply if it offers goods or services to EU citizens or tracks their behavior in any way. ([ibm.com](https://www.ibm.com/products/cloud/compliance/gdpr?utm_source=openai))\n\n---\n\n## What Must Organizations Do\n\nBusinesses that handle personal data must follow many requirements. Among the most important:\n\n- Provide **transparency** \u2014 tell people clearly what data you're collecting, why, and how you\u2019ll use it. ([ibm.com](https://www.ibm.com/products/cloud/compliance/gdpr?utm_source=openai))  \n- Have a legitimate **legal basis** for processing data (e.g., consent, contract, legal obligation, vital interests, public interest, or legitimate interests) ([techtarget.com](https://www.techtarget.com/whatis/definition/General-Data-Protection-Regulation-GDPR?utm_source=openai))  \n- Protect the data \u2014 keep it **accurate, secure, and only as much as needed**. Don\u2019t keep data longer than necessary. ([thousandeyes.com](https://www.thousandeyes.com/learning/techtorials/gdpr?utm_source=openai))  \n- Respect individual rights \u2014 people get rights like access to their data, correction, deletion (\"right to be forgotten\"), restrictions on how data can be used, the ability to move their data (data portability), and to object to certain processing. ([ibm.com](https://www.ibm.com/products/cloud/compliance/gdpr?utm_source=openai))  \n\n---\n\n## Principles of GDPR (Article 5)\n\nThe GDPR defines seven core principles that all data-related activities must follow:\n\n1. Lawfulness, fairness, and transparency  \n2. Purpose limitation \u2014 only collect data for a specific, legitimate reason  \n3. Data minimization \u2014 only the data you need  \n4. Accuracy \u2014 data must be correct and up to date  \n5. Storage limitation \u2014 don\u2019t keep data for longer than needed  \n6. Integrity and confidentiality \u2014 ensure data security and privacy  \n7. Accountability \u2014 organizations must be able to prove they\u2019re complying ([gdpr.eu](https://gdpr.eu/what-is-gdpr/?utm_source=openai))\n\n---\n\n## Enforcement & Consequences\n\n- Supervisory authorities in each EU country enforce GDPR. They can investigate breaches, issue warnings, order fixes, and so on. ([eur-lex.europa.eu](https://eur-lex.europa.eu/EN/legal-content/summary/general-data-protection-regulation-gdpr.html?utm_source=openai))  \n- Fines for non-compliance can be severe: up to **\u20ac20 million**, or **4% of global annual turnover**\u2014whichever is higher. ([techtarget.com](https://www.techtarget.com/whatis/definition/General-Data-Protection-Regulation-GDPR?utm_source=openai))  \n\n---\n\nIf you want, I can also break down how GDPR impacts companies in the US or explain how individuals can exercise their rights under it."
    }
]