Security & data standard
GDPR
EU data privacy and consent rules with global reach.
Applies to: Anyone serving EU residentsWhat it is
The General Data Protection Regulation governs how personal data of people in the EU is collected, used, and stored.
It applies regardless of where your business is located.
Who must comply
- Any organization processing personal data of EU residents
- Marketers, SaaS platforms, and e-commerce sites with EU traffic
Key requirements
- Lawful basis for processing, including valid consent
- Data subject rights: access, correction, erasure, portability
- Privacy notices, data processing agreements, breach reporting
- Records of processing activities
Risks of non-compliance
Fines up to 4 percent of global annual revenue.
This is educational and not legal advice. Talk to your attorney about your specific exposure.
How Scale helps
We implement consent management, data minimization, and the documentation a Data Protection Officer needs.
