General Data Protection Regulation
GDPR is the European Union's data protection regulation requiring organizations to protect the personal data and privacy of EU citizens, with strict rules on data collection, processing, and the right to erasure.
⚙️ How Does It Work?
Organizations must implement privacy by design, obtain explicit consent, enable data subject rights, and report breaches within 72 hours.
📍 Where Is It Used?
Any organization processing personal data of EU residents — globally applicable regardless of where the organization is based.
💡 Real-World Example
A user submits a right to be forgotten request. Under GDPR, the company must delete all personal data about that user within 30 days. The IGA system must also revoke all of the user's access.
🔗 Related Terms
CIAM
Privacy
Data Governance
Compliance
IGA
Stay Ahead in Identity Security
Get weekly IAM, PAM & IGA insights via Identity Pulse.
Subscribe to Identity Pulse →