Geek Culture
Published in

Geek Culture

A quick Introduction to GDPR

Photo by Bernard Hermant on Unsplash

Which companies need to comply with GDPR?

GDPR applies to all organizations which offer goods and/or services to citizens in the EU (European Union).

What is Personal Data according to GDPR?

Its important to understand the meaning of “personal data” as established under GDPR.

Basic definitions associated with GDPR

Following are some basic definitions associated with GDPR:

  • Processing — This refers to any action that’s done on the data. This includes collecting, recording, storing, processing etc.
  • Controller — This is the person that decides how and why to collect and use the data. (The controller will usually be an organization)
  • Processor — It is a separate person or organization who processes data on behalf of the controller and in accordance with their instructions.
  • Data Subject — It refers to the individual whose personal data is being stored.

Data Subject Rights granted by GDPR

GDPR confers eight data subject rights to every individual. These rights are in relation to their “personal data” stored with the organization.

an inforgraphic listing the eight GDPR data subject rights
Eight data subject rights — Image Source
  1. Right to information — This right allows the individual to know what data is being collected, who is collecting or processing it, what is the intended use, for how long it is being retained, how long will it be kept etc.
  2. Right to access — This right allows the individual to request for access to their personal data.
  3. Right to rectification — This right allows individuals to request for rectification of their data, which they might have found to be inaccurate or incomplete.
  4. Right to Erasure — This right allows individuals to ask for their personal data to be deleted (provided it does not conflict with legitimate reasons against this right)
  5. Right to restrict processing — This right allows individuals to ask the organizations to stop the processing of their personal data.
  6. Right to data portability — This right allows individuals to get access to their personal data (stored with the organization) in a structured and easily readable manner.
  7. Right to Object — This right allows individuals to object to the processing of their personal data (provided it does not conflict with legitimate reasons against this right).
  8. Right in relation to automatic decision making and profiling — This means that individuals now have the right to not be subject to automated decision making if it has a significant legal implication on them. (However, it won’t be apply if processing is necessary for performance of a lawful contract or based on explicit consent)

Seven Basic Data Protection Principles under GDPR

In order to build a good data protection practice, GDPR lays down seven data protection principles for organizations to adhere to. These are at the heart of the GDPR and act like guiding principles to ensure compliance among organizations. The seven principles are:


GDPR is a landmark legislation that puts the individuals right to privacy at center stage. It confers rights on individuals and puts obligations on companies in relation to the personal data of users.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vikram Goyal

Currently PM@Airmeet — building a kick-ass product for conducting remote events and conferences.