Leep.
What is GDPR?

General Data Protection Regulation

Last updated: January 15, 2025

TL;DR

GDPR is the EU law that gives people control over their personal data and sets strict rules for how companies must handle it.

Example

What GDPR requires:

  • Tell users what data you collect and why
  • Get explicit consent before collecting data
  • Allow users to see, change, or delete their data
  • Report data breaches within 72 hours
  • Appoint a Data Protection Officer (for larger companies)

GDPR in practice:

  • Cookie consent popups on websites
  • "Delete my account" options
  • Privacy policies explaining data use
  • Opt-in (not opt-out) for marketing emails

Penalties for violations: Up to €20 million or 4% of global annual revenue, whichever is higher.

Famous GDPR fines:

  • Meta: €1.2 billion (data transfers)
  • Amazon: €746 million (targeted advertising)
  • Google: €90 million (cookie consent)

Explanation

Key GDPR Concepts

Personal data: Any info that can identify a person (name, email, IP address, location)

Data controller: The company deciding what data to collect

Data processor: A third party processing data on your behalf

Lawful basis: The legal reason you're allowed to process data:

  • Consent (user agreed)
  • Contract (needed to fulfill an agreement)
  • Legal obligation (required by law)
  • Legitimate interest (reasonable business need)

GDPR Rights

People have the right to:

  1. Be informed about data collection
  2. Access their data
  3. Correct inaccurate data
  4. Delete their data ("right to be forgotten")
  5. Restrict processing
  6. Move their data to another service (data portability)
  7. Object to processing
  8. Not be subject to automated decisions

Why It Matters

For Business Owners

GDPR applies to you if you have EU customers. Even if you're based outside the EU, if you serve EU residents, GDPR applies.

Non-compliance is expensive. Beyond fines, there's reputational damage and lost customer trust.

GDPR affects your tools. Using US-based services may require extra safeguards. Google Analytics, email providers, and CRMs all need to be GDPR-compliant.

Privacy is a competitive advantage. Customers increasingly care about how their data is handled. Good privacy practices build trust.

Basic Compliance Steps

  1. Audit what data you collect
  2. Update your privacy policy
  3. Implement cookie consent
  4. Secure your data (encryption, access controls)
  5. Have a process for data subject requests
  6. Train your team on data handling

Related Terms

API

An API (Application Programming Interface) is a way for different software programs to talk to each other and share data.

CRM

A CRM (Customer Relationship Management) is software that helps you track and manage all your interactions with customers and potential customers.

Analytics

Analytics is the collection and analysis of data about your website or app to understand user behavior and business performance.
