Individuals must provide their explicit and unequivocal consent before their personal data is processed. At any point, they are free to revoke their consent.

Rights of Data Subjects: The GDPR gives individuals certain rights with regard to their personal data, including the opportunity to access, correct, and delete that data as well as the ability to transfer that data in another format.

Data Protection Officers (DPOs): Businesses that handle significant volumes of personal data or engage in high-risk data processing activities are required to designate a DPO.

Data Protection Impact Assessments (DPIAs): To determine the potential effects of data processing on people's privacy, organisations must undertake DPIAs.

Data Breach Notification: Organisations are required to notify the appropriate authorities and the affected parties of any breaches of personal data within 72 hours of becoming aware of them.

Know more :

https://www.reddit.com/user/theknowledgeacademy-/comments/170e0o6/general_data_protection_regulation_gdpr_and_its/?utm_source=share&utm_medium=web2x&context=3