GDPR Foundations

What is GDPR and Why It Matters?

A practitioner’s orientation to the General Data Protection Regulation — its legal basis, the shift from the 1995 Directive, why enforcement is a genuine financial risk, and why GDPR compliance has become a commercial prerequisite for organisations serving European markets.

Explore Resource

Key Definitions and Core Concepts

A precise reference for the defined terms in Article 4 — personal data, processing, controller, processor, pseudonymisation, consent, and the distinctions that determine whether GDPR applies and who bears which obligations.

Explore Resource

Territorial Scope — Who Must Comply

How GDPR’s extraterritorial reach applies to organisations established outside the EU — including Indonesian companies that offer services to EU residents or monitor their behaviour — and what that means for compliance obligations.

Explore Resource

The Six Lawful Bases for Processing

A decision framework for selecting the right lawful basis under Article 6 — consent, contract, legal obligation, vital interests, public task, and legitimate interests — with the consequences of each choice for data subject rights and organisational obligations.

Explore Resource

Rights of Data Subjects

The nine rights that GDPR grants to individuals — access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making — with response timelines, exemptions, and what each right requires operationally.

Explore Resource

Roles: Controller, Processor, and Joint Controller

How GDPR allocates responsibility between data controllers, data processors, and joint controllers — the legal definitions, the obligations that follow from each role, and the contractual requirements under Article 28.

Explore Resource

What is GDPR and Why It Matters?

Key Definitions and Core Concepts

Territorial Scope — Who Must Comply

The Six Lawful Bases for Processing

Rights of Data Subjects

Roles: Controller, Processor, and Joint Controller

GDPR Foundations

What is GDPR and Why It Matters?

Key Definitions and Core Concepts

Territorial Scope — Who Must Comply

The Six Lawful Bases for Processing

Rights of Data Subjects

Roles: Controller, Processor, and Joint Controller

GDPR Requirements

Data Protection Principles

Lawfulness of Processing and Consent

Special Categories of Personal Data

Data Subject Rights: Obligations and Timelines

Privacy by Design and Default

Records of Processing Activities

Data Protection Impact Assessments

Data Protection Officers

GDPR Implementation Process

GDPR Implementation Roadmap

Data Mapping and Inventory

Lawful Basis Assessment and Documentation

Consent Management

Privacy Notices and Transparency

Data Subject Rights Procedures

Vendor and Processor Management

Cross-Border Data Transfers

GDPR Enforcement and Accountability

The Accountability Principle in Practice

Supervisory Authorities and the One-Stop-Shop Mechanism

Personal Data Breach Notification (72-Hour Rule)

GDPR Fines and Enforcement Actions

Codes of Conduct and Certification Schemes

GDPR Audits and Compliance Verification

Common Reasons GDPR Programmes Fail

GDPR Controls and Safeguards

Technical and Organisational Measures (TOMs)

Encryption, Pseudonymisation, and Anonymisation

Access Control and Identity Management

Data Retention, Deletion, and Minimisation

Security of Processing

ISO 27001 and GDPR — Mapping Controls

Building the GDPR Evidence Portfolio

GDPR In Context

GDPR for Technology and SaaS Companies

GDPR for Financial Services

GDPR for Healthcare and Clinical Research

GDPR and AI — The Emerging Landscape

GDPR Outside the EU — Third Country Compliance

GDPR and Indonesian Organisations

Building a Compliance-Ready Privacy Programme