Here are the basic rules of the GDPR:
- Fair data processing: Process personal data in a lawful, fair, and transparent manner.
- Purpose limitation and consent: Process data only for necessary purposes unless additional user consent is obtained.
- Data minimization and store limitation: Only collect as much personal data as needed, and don’t store data for longer than is necessary.
- Privacy by Design: Proactively integrate data protection into the design of new products and systems.
- Data subject rights: Honor users’ rights to request the access, correction, deletion, or transfer of their data.
- Data breach notification: If there’s a data breach, inform data protection authorities within 72 hours, and inform users as soon as possible.