General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European Union privacy law that came into effect in May 2018. It governs how personal data must be collected, processed, and protected. The regulation is designed to give individuals more control over their data and to harmonize data privacy laws across Europe.

About General Data Protection Regulation (GDPR)

What are the 7 basic principles of GDPR?

GDPR is built on seven core principles: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality (security); and accountability. These principles guide how data should be collected and managed throughout its lifecycle and place strong obligations on data controllers and processors.

What data types are covered by GDPR?

GDPR protects any personal data that can directly or indirectly identify an individual. This includes names, identification numbers, email addresses, IP addresses, location data, and even biometric or genetic data. Sensitive data such as racial or ethnic origin, political opinions, religious beliefs, or sexual orientation is subject to even stricter rules.

Does GDPR apply to the US?

Yes, GDPR applies to any organization that processes the personal data of individuals located in the EU, regardless of where the organization itself is based. This means U.S. businesses, particularly those in e-commerce, SaaS, marketing, or cloud services, must comply with GDPR if they collect data from EU users. Failure to comply can result in heavy fines and reputational damage.
