GDPR

General Data Protection Regulation

Lukas Horvath, co-founder of Roelu Studio

What is GDPR?

GDPR, the General Data Protection Regulation, is the European Union's data protection law, in force since May 2018. It governs how organizations collect, store, process, and share the personal data of individuals in the EU and EEA, regardless of where the organization is based. Penalties for non-compliance can reach up to four percent of global annual revenue or 20 million euros, whichever is higher.

Why it matters

GDPR is not just a European problem. If you have a single EU customer, employee, or website visitor, you are in scope. The regulation forced an entire generation of websites to clean up how they collect data — consent for cookies, lawful basis for processing, the right to be forgotten, mandatory breach notifications, the works. Companies that treat it as a checkbox exercise end up with fragile compliance and growing legal risk as enforcement tightens. The teams that take it seriously build privacy into the product and the marketing stack from day one, and end up with a stronger trust position as a side effect.

How it works

GDPR applies whenever you process personal data — anything that can identify a living person, from names and emails to IP addresses and cookie IDs. Each processing activity needs a lawful basis: consent, contract, legal obligation, vital interests, public task, or legitimate interest. Organizations must maintain records of what data they hold, why, where, and for how long. Individuals have the right to access their data, correct it, delete it, and object to processing. International data transfers — for example, sending EU data to a US vendor — require specific safeguards. A Data Protection Officer is required for larger or higher-risk operations, and breaches must be reported within 72 hours.
