GDPR key concepts

To understand the logic and implementation of the General Data Protection Regulation (GDPR), here are the fundamental concepts to master. Each one is explained in detail in the following pages.

🧠 The foundations of data protection

Discover the essential concepts underpinning the entire GDPR framework:

Understand what constitutes personal data, what processing means, and in which cases the GDPR applies.

🗂️ The record of processing activities

The record is the central tool of GDPR compliance. It lists all processing activities, their purposes, the actors involved and the associated protection measures.

👤 The rights of data subjects

Access, rectification, objection, erasure, portability… Discover the rights individuals hold and how organisations must respect them.

🧮 Risk management and impact assessment

Identify risks to individuals, assess their severity and document control measures. Understand the respective responsibilities between data controller and data processor.

🧱 Privacy by design and by default

Integrate data protection from the design phase of projects and configure systems to ensure privacy by default.

🔐 Security measures and governance

Explore the technical and organisational measures needed to protect data against loss, unauthorised access or alteration.

🚨 Data breach management

Discover best practices for detecting, documenting and notifying a data breach within 72 hours as required by the GDPR.

🤖 What's next: GDPR & AI Act convergence

The GDPR forms the foundation of data governance. The AI Act complements this framework by regulating artificial intelligence systems according to their risk level.