What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive consumer privacy law that protects the data privacy rights of all EU citizens. If your business offers products or services to EU citizens and collects and processes their personal data, you must comply with GDPR. You can use the steps in this guide to ensure GDPR compliance.

Who is Subject to GDPR?

GDPR applies to businesses or "controllers" that offer goods or services to citizens in the EU, and in doing so, collect and process their personal data.

GDPR defines personal data as "any information relating to an identified or identifiable natural person (‘data subject’)." It also uses a broad definition of "processing" to include anything relating to the collection, storage, retrieval, disclosure, and erasure of personal data.

Businesses that aren't based in the EU but process the personal data of EU citizens are still required to comply with GDPR. This gives Europe's privacy law a wide jurisdiction and increases the number of businesses subject to it.

Before making changes to your business operations, confirm whether or not your business collects and processes the personal data of EU citizens. If it does, your business can use the steps listed in this guide to achieve and maintain GDPR compliance.