GDPR
- general data protection regulation
- entities
- data subject: human
- data controller: collects data
- data processor
- requirements
- explicit consent
- subject must know why data is collected
- subject may allow storing data but deny processing
- subject may demand destroying data
- security breach reported during 72 hours after discovery
Civil law system
- based on laws
Common law system
- based on precedent cases