GDPR
The EU’s General Data Protection Regulation, establishing strict requirements for personal data collection, processing, and individual rights.
Definition
A landmark regulation that grants EU citizens rights over their personal data (access, rectification, erasure, portability), requires a lawful basis for processing, enforces data minimization, and requires breach notification within 72 hours. AI systems handling EU personal data must implement consent mechanisms, privacy-by-design, data-protection impact assessments, and robust data-subject request workflows to maintain compliance and avoid steep fines.
Real-World Example
A ride-sharing app serving EU customers revises its AI-driven route-optimization service to include a consent banner for location tracking, allows users to download their historical trip data, and automatically deletes location logs older than 30 days—ensuring every user’s GDPR data rights are respected.