The General Data Protection Regulation (GDPR) of 2016 (entry into force)/2018 (application) standardizes the rules for the processing of personal data by companies throughout the EU.
It replaces Directive 95/46/EC and comprises eleven chapters with a total of 99 articles. It also sets out rights and obligations, contains technology-neutral regulations for various aspects such as social media and artificial intelligence, as well as principles such as the right to be forgotten. The principles of the General Data Protection Regulation (GDPR) must be observed by companies, as violations can be punished with considerable fines.
Employees should be informed about the principles of data processing, including lawfulness, fair processing, transparency, purpose limitation, data minimization, accuracy, storage limitation and the integrity and confidentiality of data processing.