What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a European law that governs how companies use personal data, whether or not they are based in the European Union or the UK. The UK has its own version (the UK GDPR), which is very similar to the EU GDPR.
Side note: In the EU and UK, personal data means almost anything that could identify a person – not just names, email addresses, addresses and phone numbers, but also device IDs, IP addresses and even some cookie data.
Does the GDPR apply to me?
Yes, if you are an EU- or UK-based company or have an EU- or UK-based affiliate; offer goods or services to EU- or UK-based individuals (whether for payment or not); or monitor the behaviour of EU- or UK-based individuals (including via cookies). This means that even companies providing business-to-business services to EU- or UK-based businesses, such as hosted data services, data analytics platforms and outsourced business functions, may be covered. It is important to remember that the GDPR and UK GDPR do not discriminate by sector.
OK, so what do I have to do to comply with the GDPR and UK GDPR?
It really depends on your role in respect of the personal data. If you are a data controller and in charge of deciding what happens to the data, you have numerous obligations; if you are a data processor or sub-processor being told by someone else what to do with that data, you have fewer obligations than data controllers. Regardless of your role, you will need to:
- Account for the data you process (e.g., by keeping clear records on what you do with data).
- Put privacy high up on your list, both at the inception of the product or service and throughout its life cycle (including ensuring adequate security).
What happens if I don’t comply with the GDPR and UK GDPR?
If you breach the GDPR or UK GDPR, you could face fines of up to, respectively, 20 million euros or 17.5 million pounds, or 4% of worldwide annual turnover (whichever is greater).