What is GDPR?

The General Data Protection Regulation (GDPR) is comprehensive EU legislation governing how organizations collect, process, store, and use personal data of EU residents. Enacted in 2018, it replaced fragmented national laws with unified standards and significantly strengthened individual privacy rights. For email marketers, it fundamentally changed how consent must be obtained and documented.

Key principles include: lawfulness, fairness, and transparency (clear about what you're doing with data), purpose limitation (only use data for stated purposes), data minimization (collect only what you need), accuracy (keep data correct), storage limitation (don't keep data longer than necessary), and security (protect data appropriately). For email, consent is the typical legal basis for marketing communications.

GDPR grants individuals rights including access (see what data you hold), rectification (correct errors), erasure (\"right to be forgotten\"), and portability (receive their data in usable format). Violations can result in massive fines. GDPR isn't just an EU concern. It uapplies to any organization processing EU residents' data, making it effectively global for most businesses.