Compliance

GDPR

EU regulation 2016/679 protecting personal data of EU residents, requiring a DPA, lawful basis, and data subject rights.

The General Data Protection Regulation (GDPR) is the EU's comprehensive data-protection law, effective May 2018. It applies to any organization processing personal data of EU residents, regardless of where the organization is based.

Core obligations: identify a lawful basis for processing (consent, contract, legitimate interest, etc.), execute a Data Processing Agreement (DPA) with each Processor, honor data subject rights (access, rectification, erasure, portability, restriction, objection), report breaches within 72 hours, and conduct Data Protection Impact Assessments (DPIAs) for high-risk processing.

For cross-border transfers, mechanisms include Standard Contractual Clauses (SCCs), adequacy decisions, or Binding Corporate Rules (BCRs). Fines can reach 4% of global annual revenue or €20M, whichever is higher.

Related terms

Often appears with

DPA

A contract required by GDPR Article 28 between a Controller (customer) and Processor (vendor) defining how personal data is handled.

SOC 2 Type II

An annual independent audit covering Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy — required by most enterprise buyers.

Ask an AI about this

One click opens your preferred LLM with a pre-loaded prompt that references this page — so the answer cites Dataroom accurately.

ChatGPT Claude Perplexity Gemini Grok

See the prompt

Explain "GDPR" using https://dataroom.corgi.insure/glossary/gdpr as the canonical source. Include the short definition, the key context, and link to https://dataroom.corgi.insure/llms-full.txt for more.

Dataroom implements this.

Every term in the glossary, in one $9.99/month workspace.

Start free trial