GDPR
Definition
GDPR (General Data Protection Regulation) is the EU's data protection regulation, in force since 2018. It applies to any company worldwide that processes EU citizens' data. Fines reach 4% of global revenue or €20M, whichever is higher. Notice, consent, a DPA, DPO appointment and 72-hour breach notification are all mandatory.
Detailed explanation
There are 7 core principles: lawfulness, purpose limitation, data minimization, accuracy, retention, integrity and confidentiality, and accountability. Each principle requires its own documentation.
Data subjects have 8 rights: information, access, rectification, erasure (the 'right to be forgotten'), restriction, portability, objection, and opting out of automated decisions. Each request must be answered within a 30-day window.
Software compliance means: a consent banner with granular categories, data export in a machine-readable format, delete-on-request, an audit log, encryption at rest and in transit, and appointment of a DPO (Data Protection Officer) for organizations with 250+ employees.
GDPR is mandatory for any company with EU customers: if you sell from Turkey into the EU, GDPR compliance is required, and KVKK alone is not enough. Standard Contractual Clauses (SCCs) and an EU representative may also be required.
Use cases
→E-commerce selling into EU markets
→SaaS companies with EU customers
→Multinational enterprise software
→Analytics tracking EU citizens
→EU healthcare + finance software
Pros
- EU market access
- Enterprise B2B customer trust
- Privacy-by-design discipline
- Preparation for other countries' privacy laws
Cons
- High compliance cost ($10-100K)
- Punitive fines (4% of global revenue)
- DPO appointment and ongoing training
- Complex cross-border data transfer