What is GDPR in one sentence?
Asked by: Ms. Ora Greenfelder | Last update: April 22, 2026 | Score: 4.8/5 (52 votes)
The General Data Protection Regulation (GDPR) is a strict EU law that protects personal data for individuals in the European Union, giving them rights over their information and imposing strong obligations on organizations worldwide that collect, process, or store EU residents' data, requiring consent and robust security for lawful handling.
What is the GDPR in simple terms?
In simple terms, GDPR (General Data Protection Regulation) is a strict EU law giving people more control over their personal data and requiring companies worldwide to handle it securely, transparently, and fairly, applying to any business that deals with data of EU residents. It emphasizes user rights like accessing, correcting, or deleting their info, mandates data protection by design, and enforces heavy fines for non-compliance.
What is the short answer of GDPR?
We live in a world where everything we do leaves a digital footprint. From shopping online to signing up for newsletters, our personal information is everywhere. And that's why GDPR (General Data Protection Regulation) exists — to protect our privacy in this increasingly data-driven world.
What are the 7 principles of GDPR?
The 7 principles of GDPR (General Data Protection Regulation) are: Lawfulness, Fairness & Transparency (process data legally, fairly, openly); Purpose Limitation (use data only for specified, legitimate reasons); Data Minimisation (collect only necessary data); Accuracy (keep data correct and up-to-date); Storage Limitation (don't keep data longer than needed); Integrity & Confidentiality (secure the data); and Accountability (demonstrate compliance).
How to explain GDPR in an interview?
Key GDPR questions for job interviews, with example answers
If you've worked with the GDPR in previous roles, offer an explanation of the type of work you carried out and how the GDPR related to it. You may also wish to mention any strategies you've used to ensure compliance with the GDPR in your previous work.
What are the 4 pillars of GDPR?
The GDPR enforces four important principles that organizations must adhere to when handling personal data: lawfulness, fairness, and transparency; purpose limitation; data minimization; and accuracy and storage limitation.
What are the three C's of interview questions?
The "3 C's" of interview questions vary, but commonly refer to assessing a candidate's Character, Competence, and Chemistry (or Cultural Fit) to ensure they can do the job, will do it well, and fit the team, or for job seekers, it can be Confidence, Content, and Connection for a successful conversation. Other versions focus on Competency, Compatibility, and Core Values or Credentials, Chemistry, and Compensation.
Is GDPR only for EU citizens?
The whole point of the GDPR is to protect data belonging to EU citizens and residents. The law therefore applies to organizations that handle such data whether they are EU-based or not; this is known as its “extra-territorial effect.”
What are the 7 golden rules of data protection?
The principles are: Lawfulness, Fairness, and Transparency; Purpose Limitation; Data Minimisation; Accuracy; Storage Limitations; Integrity and Confidentiality; and Accountability.
How long can you keep data under GDPR?
The storage limitation principle means that, even if you collect and use personal data fairly and lawfully, you cannot keep it for longer than you actually need it. There are close links here with the data minimisation and accuracy principles. The UK GDPR does not set specific time limits for different types of data.
What are 5 examples of personal information?
Five examples of personal information include your full name, home address, date of birth, Social Security Number (SSN), and email address, but it also extends to things like your phone number, financial details (bank accounts), biometric data (fingerprints), medical records, and online identifiers (IP address) that can identify you.
What are the three main goals of GDPR?
When processing personal data a public administration must respect key principles, such as: fair and lawful processing; purpose limitation; data minimisation and data retention.
What are the 5 key responsibilities of a data protection officer?
There are five tasks listed for the DPO in several Articles of the GDPR (35, 37, 38 and 39).
- Monitoring Compliance with the GDPR.
- Data Protection Impact Assessment (DPIA)
- Cooperating with the Supervisory Authority.
- Risk-Based Approach.
- Record Keeping.
What is not classed as personal data in GDPR?
Information concerning a 'legal' rather than a 'natural' person is not personal data. Consequently, information about a limited company or another legal entity, which might have a legal personality separate to its owners or directors, does not constitute personal data and does not fall within the scope of the UK GDPR.
What is the GDPR compliance in a nutshell?
At its core, GDPR compliance means an organization that falls within the scope of the General Data Protection Regulation (GDPR) meets the requirements as defined by the law for properly collecting, using, sharing, and protecting personal data, and can demonstrate that it does.
What are the 10 key requirements of GDPR?
- 10 key GDPR requirements. ...
- Lawful, fair, and transparent processing. ...
- Purpose, data, and storage limitation. ...
- Data accuracy and security. ...
- Data Protection Impact Assessments (DPIAs) ...
- Privacy by design and default. ...
- Controller–Processor contracts (Article 28) ...
- Data subject rights enablement.
What happens if you violate GDPR?
Art. 83(4) GDPR sets forth fines of up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher. Especially important here is that the term “undertaking” is equivalent to that used in Art.
How can I protect my personal data?
Follow this advice to protect the personal information on your devices and in your online accounts.
- Keep Your Software Up to Date.
- Secure Your Home Wi-Fi Network.
- Protect Your Online Accounts with Strong Passwords and Two-Factor Authentication.
- Protect Yourself from Attempts To Steal Your Information.
What is an example of GDPR?
For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data. Since the definition includes “any information,” one must assume that the term “personal data” should be as broadly interpreted as possible.
Is there GDPR in the USA?
Are US companies subject to GDPR? Yes, the GDPR can apply to businesses in the US or any business outside the European Union. As per Article 3 of the GDPR, the territorial scope of the GDPR applies to businesses regardless of whether the processing takes place in the European Economic Area (EEA).
Who is exempt from GDPR?
Some of the most common exemptions include businesses that do not process personal data of living persons, businesses that have no connection with the European Union, derogations for businesses with fewer than 250 employees, or data processing primarily for personal/household activities.
Which country has the strictest privacy laws?
The country with the strictest data privacy laws related to the internet is Iceland. Many people have referred to Iceland as the Switzerland of data. It has incredibly strict privacy laws, and these laws were passed in 2000.
What are trigger words in interviews?
But what about “trigger” words? These are the words that immediately set off a bad reaction in the listener. They just tick people off and should be avoided during the interview.
What is your 3 strength best answer?
To answer "what are your 3 strengths," choose qualities relevant to the job (like problem-solving, adaptability, and communication) and provide brief, specific examples demonstrating how you use them, linking each strength to positive results for the employer by focusing on showing, not just telling.
What are the five hardest interview questions?
The five hardest interview questions often focus on self-reflection, past mistakes, and future goals, including: "Tell me about yourself," "What's your biggest weakness?", "Why should we hire you?", "Describe a time you failed," and "Why are you leaving your current job?", all designed to reveal self-awareness, resilience, and alignment with the role, requiring honest, strategic answers that highlight growth and value rather than simple facts.