GDPR (the General Data Protection Regulation) is the European Union’s comprehensive privacy law governing how personal data is collected, processed, stored, and transferred, with significant penalties for non-compliance. For startups and acquirers, GDPR compliance affects product design, vendor management, and diligence, and GDPR issues can create material deal risk where data practices are weak.
