European Data Protection Regulation (GDPR)

The European General Data Protection Regulation (GDPR) entered into force on May 25, 2018, on the basis of an EU regulation and regulates the handling of personal data by companies and other legal entities.

What is meant by European General Data Protection Regulation (GDPR)?

The European General Data Protection Regulation (GDPR) came into force on May 25, 2018, on the basis of an EU regulation. It regulates the processing of personal data of citizens of the European Union by companies and other legal entities. It is intended both to ensure the protection of personal data within the European Union and to guarantee the free movement of data within the European Single Market. For example, since the introduction of the General Data Protection Regulation, companies must obtain the consent of the data subject before storing and processing personal data.

The GDPR lists the following six principles for the processing of personal data in Art. 5:

  • Lawfulness, fair processing, transparency
  • Purpose limitation (processing only for specified, explicit and legitimate purposes).
  • Data minimization (“adequate and relevant to the purpose and limited to what is necessary”)
  • Accuracy (“all reasonable steps must be taken to ensure that inaccurate personal data are erased or rectified without undue delay”)
  • Storage limitation (data must be “kept in a form which permits identification of data subjects for no longer than is necessary”)
  • Integrity and confidentiality (“appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage”)

The controller must demonstrate compliance with all of these principles. Non-compliance may be punishable by a severe fine of up to EUR 20 million or, in the case of a company, up to 4% of its total annual worldwide turnover (Art. 83 para. 5 lit. a).

Right to be forgotten

The right to be forgotten is one of the central provisions of the GDPR. It means that a data subject has the right to request the erasure of all data concerning him or her if the reasons for storing the data no longer apply. It should be noted that the controller must delete data on its own initiative if the legal basis for further processing has ceased to exist.
