GDPR

The GDPR (General Data Protection Regulation) is the European Union's comprehensive privacy law. It applies to any organisation handling the personal data of people in the EU — regardless of where the company is based — and grants individuals rights to access, correct, and delete their data. Penalties reach into the tens of millions of euros, so even small US firms with EU customers need a lawful basis for processing and a way to honour data-subject requests.