# GDPR for Non-Lawyers: Principles, Legal Bases, and User Rights
**Summary**
The **General Data Protection Regulation (GDPR)** aims for data processing that is **lawful, fair, and transparent**. This summary covers what a student or content creator really needs to know.
## 1) Key concepts
* **Personal data**: information identifying or potentially identifying a person (name, email, IP, photo, voice…).
* **Processing**: any operation on data (collect, store, publish, erase…).
* **Controller/Processor**: the entity deciding the purposes (controller) and the one processing on its behalf (processor).
## 2) Core principles (memory cues)
* **Lawfulness, fairness, transparency**.
* **Purpose limitation**.
* **Data minimisation**.
* **Accuracy**.
* **Storage limitation**.
* **Integrity and confidentiality**.
* **Accountability**.
## 3) Legal bases (when processing is allowed)
* **Valid consent** (explicit, informed, revocable).
* **Contract performance**.
* **Legal obligation**.
* **Vital interests**.
* **Public task**.
* **Legitimate interests** (with balancing and safeguards).
## 4) Data subject rights
* Access, rectification, erasure, objection, restriction, portability, and the right **not** to be subject to automated decisions without safeguards.
## 5) Good practice for an academic blog
* Collect **only** what’s needed (comments).
* Explain in **Privacy & Cookies**: what, why, and for how long.
* Provide a contact to exercise rights.
* Keep backups and apply basic security measures.

*Image: TheDigitalArtist — CC0 1.0 (Public Domain) — Source: https://commons.wikimedia.org/wiki/File:EU_gdpr.jpg*