GDPR
The General Data Protection Regulation — the EU's comprehensive data protection law governing how personal data is collected, processed, and stored.
What GDPR means
The General Data Protection Regulation (GDPR) is the EU's landmark data protection law that took effect in May 2018. It applies to any organization processing personal data of EU residents, regardless of where the organization is located. Key principles include lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability. For advertisers, GDPR impacts virtually every aspect of digital advertising — from pixel-based tracking (requiring consent) to audience targeting (requiring legal basis) to data sharing with platforms (requiring data processing agreements, or DPAs). Penalties can reach €20 million or 4% of global annual revenue. GDPR has become the global reference standard for data protection, influencing regulations worldwide including CCPA, LGPD, PIPL, and others.
Related terms
Consent
A user's explicit or implied permission for data collection, processing, or advertising targeting, required by privacy regulations.
Data Controller
The entity that determines the purposes and means of processing personal data, bearing primary responsibility under GDPR.
Data Processor
An entity that processes personal data on behalf of a data controller, bound by a data processing agreement.
Data Subject Access Request
A formal request from an individual to access, correct, or delete their personal data held by an organization.