[[GDPR]] stands for [[General Data Protection Regulation]] (Regulation (EU) 2016/679). It is a regulation of the [[European Union]] ([[EU]]) that governs the processing and protection of personal data of individuals in the EU. GDPR was adopted in April 2016 and became enforceable on May 25, 2018. It applies to organizations established in the EU, and also to organizations outside the EU that offer goods or services to, or monitor the behaviour of, individuals located in the EU; the protection attaches to the data subject's presence in the EU, not to EU citizenship.
The main purpose of GDPR is to give individuals more control over their personal data and to ensure that organizations handle this data responsibly. It sets out specific guidelines and requirements for how personal data should be collected, processed, stored, and protected by organizations. GDPR also grants individuals certain rights, such as the right to access their personal data, the right to request its deletion, and the right to know how their data is being used.
Organizations that fail to comply with GDPR can face administrative fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher, for the most serious infringements. The regulation has had a global impact on businesses: many companies worldwide have had to adapt their policies and practices to meet GDPR requirements because they handle personal data of individuals in the EU.
## What is the relationship between GDPR and HIPAA?
The relationship between GDPR (General Data Protection Regulation) and [[HIPAA]] ([[Health Insurance Portability and Accountability Act]]) is that both are legal frameworks designed to protect personal data and privacy, but they come from different jurisdictions and cover different scopes of data.
GDPR is a regulation enacted by the European Union (EU) that sets rules for the protection of personal data of individuals in the EU. It applies to businesses and organizations that process such data, including those located outside the EU when they offer goods or services to, or monitor the behaviour of, individuals in the EU. GDPR is built around principles of lawfulness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, security, and accountability in handling personal data. Health data is a "special category" of personal data under GDPR and can only be processed under one of a narrow set of conditions, such as explicit consent.
HIPAA, on the other hand, is US federal legislation whose Privacy Rule and Security Rule focus on protecting the privacy and security of individually identifiable health information. It applies to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and, through the HITECH Act, to their business associates, i.e. vendors and contractors that handle health data on their behalf. HIPAA sets standards for maintaining the confidentiality of [[protected health information]] ([[PHI]]), ensuring its integrity and availability when needed, and safeguarding it against unauthorized access or disclosure.
While GDPR and HIPAA have similar goals of protecting personal data and privacy rights, there are differences in their scope and requirements. GDPR has a broader application as it covers all types of personal data, not just health information, and applies to any organization processing that data, not only to a defined set of covered entities. Where GDPR relies on consent as the lawful basis, that consent must be freely given, specific, informed, and unambiguous, and it can be withdrawn; consent is only one of several lawful bases for processing. GDPR also grants individuals a wider set of enforceable rights, such as access, erasure, and data portability. HIPAA specifically targets healthcare-related organizations and places its emphasis on protecting PHI, allowing its use and disclosure for treatment, payment, and healthcare operations without individual authorization.
Organizations that fall under both GDPR and HIPAA must comply with both by implementing the measures each one requires, and in practice by meeting the stricter requirement wherever the two overlap. This typically involves implementing technical and organizational safeguards (access control, encryption, audit logging), establishing a lawful basis or proper consent for each processing activity, maintaining policies and procedures for handling personal data securely, conducting regular risk assessments (and, under GDPR, data protection impact assessments for high-risk processing), training employees on privacy practices, and putting the right contracts in place (data processing agreements under GDPR, business associate agreements under HIPAA). Breach notification deadlines also differ: GDPR requires notification to the supervisory authority within 72 hours of becoming aware of a breach where feasible, whereas HIPAA requires notification without unreasonable delay and no later than 60 days after discovery.
# References
```dataview
Table title as Title, authors as Authors
where contains(subject, "GDPR") or contains(title, "GDPR")
```