Globaprom.

What Is the GDPR? General Data Protection Regulation, Explained

The GDPR (General Data Protection Regulation) is the European Union's data privacy law. It governs how organizations collect, store, and use the personal data of people in the EU, and it has applied since May 25, 2018.

Its reach is wider than many teams expect. The regulation applies to organizations inside and outside the EU whenever they offer goods or services to people in the EU or monitor their behavior, per Article 3. A US software company with European users falls under it just as a French retailer does. The full legal text is Regulation (EU) 2016/679.

At the definition level, the GDPR requires a few core things. Organizations must have a lawful basis (consent is only one of six) before processing personal data. People get enforceable rights over their data: access, correction, erasure, and portability. And when a breach is likely to put people at risk, the organization must notify its supervisory authority within 72 hours of becoming aware of it, where feasible (Article 33).

Enforcement has teeth. Fines run in two tiers: up to 10 million euros or 2% of worldwide annual turnover for lower-tier infringements, and up to 20 million euros or 4%, whichever is higher, for the most serious ones (gdpr.eu).

This page is a definition, not legal advice. For compliance questions, talk to a data protection professional.

Why it matters for custom software

GDPR obligations reach into software design itself: what you log, how long you keep it, whether users can export or delete their data. Building those behaviors in from the start costs little, while retrofitting them is painful. It's a standing consideration in every multilingual product we build for EU markets, alongside the security practices that support it.

Related terms