The GDPR, or General Data Protection Regulation, is the European Union's data protection law governing how organizations collect, use, and safeguard the personal data of people in the EU. It grants individuals rights over their data and requires a lawful basis for processing. It applies to any organization handling EU residents' data, regardless of where the organization is based.
GDPR applies extraterritorially, so a company anywhere can fall under it by serving EU users. Core obligations include a lawful basis for processing, honoring data-subject rights, data protection by design, and breach notification within 72 hours.
Penalties are significant: up to 20 million euros or 4 percent of global annual revenue, whichever is higher. Many of its concepts map closely to other modern privacy laws, including Quebec Law 25.
traztech delivers privacy and data-protection readiness for startups and growth-stage companies, led by a published CVE researcher.