> For the complete documentation index, see [llms.txt](https://doc.dastra.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://doc.dastra.eu/en/useful-reminders/gdpr-key-concepts.md). # GDPR key concepts To understand the logic and implementation of the **General Data Protection Regulation (GDPR)**, here are the fundamental concepts to master. Each one is explained in detail in the following pages. *** ### 🧠 The foundations of data protection Discover the essential concepts underpinning the entire GDPR framework: > Understand what constitutes personal data, what processing means, and in which cases the GDPR applies. {% content-ref url="/pages/-Lvf\_k\_CxCfRTlNhNBHQ" %} [Personal data](/en/useful-reminders/gdpr-key-concepts/personal-data.md) {% endcontent-ref %} {% content-ref url="/pages/3l4lwLPgwRy2HsDAy3fX" %} [Data retention period](/en/useful-reminders/gdpr-key-concepts/data-retention-period.md) {% endcontent-ref %} *** ### 🗂️ The record of processing activities > The record is the central tool of GDPR compliance. It lists all processing activities, their purposes, the actors involved and the associated protection measures. {% content-ref url="/pages/-Lvfac70bYn9YDhTkikw" %} [Record of processing activities (ROPA)](/en/useful-reminders/gdpr-key-concepts/record-of-processing-activities.md) {% endcontent-ref %} *** ### 👤 The rights of data subjects > Access, rectification, objection, erasure, portability… Discover the rights individuals hold and how organisations must respect them. {% content-ref url="/pages/-LvfcEx8zVkR2oboVn8q" %} [Data Subject Rights (DSR)](/en/useful-reminders/gdpr-key-concepts/data-subject-rights.md) {% endcontent-ref %} *** ### 🧮 Risk management and impact assessment > Identify risks to individuals, assess their severity and document control measures. Understand the respective responsibilities between data controller and data processor. {% content-ref url="/pages/p4TlyQA9nOkM8d3oWHBq" %} [Privacy impact assessment](/en/useful-reminders/gdpr-key-concepts/impact-assessment.md) {% endcontent-ref %} {% content-ref url="/pages/A3gMs9KLnUGSFVzlMa98" %} [Risk management](/en/useful-reminders/risk-management.md) {% endcontent-ref %} *** ### 🧱 Privacy by design and by default > Integrate data protection from the design phase of projects and configure systems to ensure privacy by default. {% content-ref url="/pages/-LvikkhO07i3lHEC8\_wn" %} [Privacy by design and by default](/en/useful-reminders/gdpr-key-concepts/privacy-by-design.md) {% endcontent-ref %} *** ### 🔐 Security measures and governance > Explore the technical and organisational measures needed to protect data against loss, unauthorised access or alteration. {% content-ref url="/pages/HZ7BHBxW3vOIuUoFleaJ" %} [Security measures](/en/useful-reminders/gdpr-key-concepts/security-measures.md) {% endcontent-ref %} *** ### 🚨 Data breach management > Discover best practices for detecting, documenting and notifying a data breach within 72 hours as required by the GDPR. {% content-ref url="/pages/-LvimaETO0GawlKQPxAq" %} [Data breach notifications](/en/useful-reminders/gdpr-key-concepts/data-breaches.md) {% endcontent-ref %} *** ### 🤖 What's next: GDPR & AI Act convergence The GDPR forms the foundation of **data governance**. The **AI Act** complements this framework by regulating **artificial intelligence systems** according to their risk level. {% content-ref url="/pages/4gJmuBpEKTAML1FBam7d" %} [AI Systems](/en/features/ai-systems.md) {% endcontent-ref %} *** {% hint style="warning" %} These concepts form the basis of your compliance approach. Each of them is covered in depth in the Dastra documentation, with examples, practical use cases and implementation guides. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.dastra.eu/en/useful-reminders/gdpr-key-concepts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.