General Data Protection Regulation.
The GDPR is the world's most comprehensive data protection regulation, governing how organizations collect, process, store, and transfer personal data of EU residents. It applies to any organization worldwide that processes EU personal data, regardless of where the organization is established.
Maximum penalty: €20M or 4% global group turnover (whichever is higher). Source: Article 83(5).
Key requirements
Lawful basis for processing (consent, legitimate interest, contract, legal obligation)
Data subject rights (access, erasure, portability, rectification, restriction)
Data Protection Officer appointment (where required by Art 37)
72-hour breach notification to supervisory authorities
Enforcement examples
Meta Platforms (Ireland): Unlawful EU-US data transfers (Art 46). €1.2B, 2023.
Amazon Europe: Non-compliant ad targeting practices. €746M, 2021.
WhatsApp Ireland: Transparency failures (Art 5, 13, 14). €225M, 2021.
How Tessera automates GDPR compliance
Automated Article 6 legal basis mapping across processing activities
Real-time DSAR tracking and response orchestration
DPIA trigger detection in CI/CD pipeline
72-hour breach notification workflow with NIS2 parallel reporting
Cross-border transfer mechanism validation (SCCs, adequacy)
GDPR compliance checklist
Essential steps to achieve and maintain GDPR compliance.
Map all personal data processing activities with lawful basis
Implement data subject request handling procedures (30-day response)
Appoint a DPO if required by Article 37