GDPR
General Data Protection Regulation: EU law governing how personal data is collected, stored, and processed. Requires consent, data portability, and the right to be forgotten.
What is GDPR?
General Data Protection Regulation: EU law governing how personal data is collected, stored, and processed. Requires consent, data portability, and the right to be forgotten.
GDPR is a intermediate-level concept that sits in the Data Governance & Compliance area of system design. Engineers reach for it whenever they need to reason about real-world trade-offs in that space — not just for textbook correctness, but because real production systems at companies like Netflix, Amazon, and Google make these decisions every day.
If you want to go deeper than this definition — with diagrams, code, and a quiz to lock it in — work through the "GDPR" lesson linked below. It walks through the why, the mechanism, the trade-offs, and how the giants actually use it in production.
Learn GDPR in depth
Full interactive lesson with diagrams, code examples, real-world references, and a quiz.
Open the GDPR lessonRelated lessons
Lessons that touch on GDPR as part of a larger topic.
GDPR Compliance
The engineer's guide to GDPR: understand the regulation that changed how every tech company handles personal data
intermediate · data governance compliance
Data Retention Policies
Define how long data is kept, when it's archived, and when it's deleted, balancing compliance, cost, and utility
intermediate · data governance compliance
Data Privacy
Protect personal information by design, privacy isn't a feature you add later, it's an architecture decision
intermediate · data governance compliance
Data Anonymization
Remove all identifying information so individuals can never be re-identified, the strongest form of privacy protection
intermediate · data governance compliance
Data Pseudonymization
Replace identifiers with tokens, reversible with the right key, offering a middle ground between raw data and full anonymization
intermediate · data governance compliance
See also
Related glossary terms you might want to look up next.
PII
Personally Identifiable Information: any data that can identify a specific individual, like name, email, SSN, or IP address. Must be encrypted and access-controlled.
Data Encryption
Transforming data into an unreadable format using cryptographic algorithms. Encryption at rest protects stored data; encryption in transit protects data over the network.
Data Lineage
Tracking data from its origin through every transformation and system it passes through. Answers 'where did this number come from?' for audits and debugging.