CIAM.wiki

GDPR

The GDPR is the European Union regulation governing how personal data of people in the EU is collected and processed, setting rules on lawful basis, consent, and individual rights that directly shape CIAM.

Also: GDPR, General Data Protection Regulation

The General Data Protection Regulation (Regulation (EU) 2016/679) is the European Union’s core privacy law. It applies to any organization established in the EU, and to any organization elsewhere that offers goods or services to people in the EU or monitors their behaviour, so a CIAM deployment serving EU users is in scope wherever it is hosted. Every processing operation needs one of the six lawful bases in Article 6 (consent, contract, legal obligation, vital interests, public task, or legitimate interests); consent is only one of them and is often the wrong choice where processing is necessary for the service itself. Where consent is the basis, Articles 4(11) and 7 require it to be freely given, specific to a purpose, informed, and given by a clear affirmative act (pre-ticked boxes and silence do not count); withdrawing it must be as easy as giving it, and the controller must be able to demonstrate that it was obtained.

The GDPR also grants individuals rights over their data under Articles 15 to 22: access, rectification, erasure, restriction of processing, data portability, objection, and protection against decisions based solely on automated processing. Requests must normally be answered within one month, extendable by two further months for complex cases, and the accountability principle in Article 5(2) requires the organization not only to comply but to be able to prove that it complies. Administrative fines for the most serious infringements reach up to EUR 20 million or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher; a lower tier tops out at EUR 10 million or 2%.

For CIAM, the GDPR is the law that turns identity into a privacy responsibility. Registration must collect no more than the stated purpose needs, consent capture must record what was agreed to, when, through which channel and against which version of the notice, preference centers must make withdrawal as easy as the original opt-in, and data-rights handling must be able to locate, export, correct and erase a person’s records within the statutory deadline. All of this has to be built so the organization can prove it meets these obligations rather than merely assert it. Because the identity store is where personal data concentrates, a breach of it also triggers the duty to notify the supervisory authority within 72 hours of becoming aware of it.
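The following is an added illustration, not code from CIAM.wiki or any vendor, of what an evidence-bearing consent record looks like in practice. It models an append-only consent ledger in which every grant is tied to a single purpose, a notice version and an affirmative act, withdrawal is a single call with no extra conditions, and the same log answers both "do we have valid consent for this purpose right now?" and "show what this person agreed to and when". The field names, the `ConsentLedger` API and the sample subject and purposes are assumptions chosen for the example; they are not a standard schema.

```python
"""Illustrative consent ledger (added example; not a standard or vendor API).

Design goals taken from the GDPR consent conditions:
  - specific:     one purpose per record, bundled purposes are rejected
  - unambiguous:  a grant must come from an affirmative act, never a default
  - informed:     each grant names the notice version the person was shown
  - withdrawable: withdrawal is one call, as easy as the grant
  - demonstrable: the log is append-only and is itself the evidence trail
"""
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone
from typing import List, Optional


class ConsentError(ValueError):
    """Raised when a capture attempt would not produce valid consent."""


@dataclass(frozen=True)
class ConsentEvent:
    subject_id: str
    purpose: str                    # exactly one processing purpose
    action: str                     # "granted" or "withdrawn"
    at: datetime                    # UTC time of the subject's own action
    channel: str                    # e.g. "signup_form", "preference_center"
    notice_version: Optional[str]   # notice text shown; None on withdrawal


def _now() -> datetime:
    return datetime.now(timezone.utc)


@dataclass
class ConsentLedger:
    # Append-only: events are never edited or deleted, so replaying them
    # reproduces the consent state at any point in time.
    events: List[ConsentEvent] = field(default_factory=list)

    def grant(self, subject_id: str, purpose: str, *, notice_version: str,
              channel: str, affirmative_act: bool,
              at: Optional[datetime] = None) -> ConsentEvent:
        # Specific: callers must record each purpose separately.
        if not purpose or "," in purpose:
            raise ConsentError("consent must be recorded per purpose")
        # Unambiguous: pre-ticked boxes, silence or inactivity are not consent.
        if not affirmative_act:
            raise ConsentError("consent requires a clear affirmative act")
        # Informed: we must later be able to say which notice the person saw.
        if not notice_version:
            raise ConsentError("consent must reference the notice version shown")
        ev = ConsentEvent(subject_id, purpose, "granted", at or _now(),
                          channel, notice_version)
        self.events.append(ev)
        return ev

    def withdraw(self, subject_id: str, purpose: str, *, channel: str,
                 at: Optional[datetime] = None) -> ConsentEvent:
        # As easy as granting: no confirmation step, no extra conditions.
        ev = ConsentEvent(subject_id, purpose, "withdrawn", at or _now(),
                          channel, None)
        self.events.append(ev)
        return ev

    def is_valid(self, subject_id: str, purpose: str,
                 at: Optional[datetime] = None) -> bool:
        """True only if the latest event for this subject/purpose at time
        `at` is a grant. No record means no consent (consent is opt-in)."""
        when = at or _now()
        relevant = [e for e in self.events
                    if e.subject_id == subject_id and e.purpose == purpose
                    and e.at <= when]
        if not relevant:
            return False
        latest = max(relevant, key=lambda e: e.at)
        return latest.action == "granted"

    def evidence(self, subject_id: str) -> List[dict]:
        """Chronological trail for demonstrating compliance or answering an
        access request about consent."""
        return [asdict(e) for e in sorted(self.events, key=lambda e: e.at)
                if e.subject_id == subject_id]


def demo() -> dict:
    """Constructed sample run; the subject id and purposes are made up."""
    ledger = ConsentLedger()
    t_grant = datetime(2024, 1, 1, tzinfo=timezone.utc)
    t_mid = datetime(2024, 3, 1, tzinfo=timezone.utc)
    t_withdraw = datetime(2024, 6, 1, tzinfo=timezone.utc)
    ledger.grant("u-42", "marketing_email", notice_version="2023-11",
                 channel="signup_form", affirmative_act=True, at=t_grant)
    ledger.withdraw("u-42", "marketing_email",
                    channel="preference_center", at=t_withdraw)
    try:
        ledger.grant("u-42", "analytics", notice_version="2023-11",
                     channel="signup_form", affirmative_act=False, at=t_grant)
        preticked_rejected = False
    except ConsentError:
        preticked_rejected = True
    return {
        "valid_while_granted": ledger.is_valid("u-42", "marketing_email", at=t_mid),
        "valid_after_withdrawal": ledger.is_valid("u-42", "marketing_email", at=t_withdraw),
        "valid_never_asked": ledger.is_valid("u-42", "analytics", at=t_mid),
        "preticked_rejected": preticked_rejected,
        "evidence_events": len(ledger.evidence("u-42")),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the `at` parameter on `is_valid` is that consent questions in CIAM are usually historical ("was this e-mail sent lawfully in March?"), not just current, which an overwritable boolean flag on the user profile cannot answer. A production ledger would also need to survive an erasure request without losing the proof that consent once existed; the usual approach is to keep the consent events keyed by a pseudonymous identifier after the profile itself is deleted.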

Sources

Standards

  • Regulation (EU) 2016/679
