The GDPR (General Data Protection Regulation), RGPD in French, is Regulation (EU) 2016/679, in force since 25 May 2018 across the European Union. It governs the processing of personal data — any information relating to an identified or identifiable natural person.
The text rests on several core principles: lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability. It distinguishes the data controller, who decides the purposes, from the processor, who acts on the controller's behalf, a relationship that must be governed by a data processing agreement (DPA).
The GDPR grants individuals a set of rights: access, rectification, erasure, portability, objection and restriction. It requires, among other things, maintaining a record of processing activities (Article 30), notifying data breaches and, in certain cases, appointing a data protection officer (DPO). In France, the supervisory authority is the CNIL, whose fines can reach 20 million euros or 4% of annual worldwide turnover.
Complying with the GDPR means mastering the data lifecycle: retention periods, access traceability, security. eyeot's electronic document management contributes to this documentary control (classification, versioning, audit log), supporting the compliant handling of documents that contain personal data.