GDPR

General Data Protection Regulation. EU privacy law in force since 2018. Establishes user rights (access, rectification, erasure, portability) and obligations on controllers and processors. Identity systems must support data subject requests and granular consent.