HomeAboutFeaturesPricingBlog
Sign inContact Us
Knowledge Base

What is GDPR? - Definition & Meaning

GDPR is the European privacy law that regulates how organizations may collect and process personal data. Learn what GDPR entails.

Definition

GDPR (General Data Protection Regulation) is a European regulation that protects the rights of individuals regarding their personal data. Since May 25, 2018, the law sets strict requirements on how organizations collect, process, store, and share personal data.

Technical Explanation

GDPR defines core principles such as lawfulness, purpose limitation, data minimization, accuracy, storage limitation, and integrity/confidentiality. Organizations must have a legal basis for processing (consent, contract, legal obligation, legitimate interest). Technical requirements include data protection by design and by default, Data Protection Impact Assessments (DPIAs), data processing agreements, and maintaining a processing register. Fines can reach up to €20 million or 4% of global annual revenue. Data subjects have rights including access, rectification, erasure (right to be forgotten), and data portability.

How Refront Uses This

Refront is designed with GDPR compliance as a foundation. Personal data is stored encrypted, access is restricted via role-based access control, and all data processing is logged in an audit trail. Clients can use the platform to meet their obligations toward their own customers, including data export and deletion requests.

Examples

  • •Refront provides a data export function so organizations can comply with their customers' right to data portability.
  • •When onboarding a new client, a data processing agreement is automatically generated and digitally signed.
  • •The audit trail logs every access to personal data, so during a regulatory audit it can be shown exactly who viewed what.

Related Terms

data-encryptionrole-based-access-controlaudit-trailsingle-sign-on

Read also

  • What is Data Encryption?
  • What is an Audit Trail?
  • What is RBAC?
  • Privacy and security in Refront

Frequently Asked Questions

Does GDPR apply to small businesses?

Yes, GDPR applies to every organization that processes personal data of EU residents, regardless of size. Small businesses do have some exemptions, such as not being required to appoint a Data Protection Officer under certain conditions.

What counts as personal data under GDPR?

Any information that can be directly or indirectly linked to an identifiable person: name, email address, IP address, location data, national ID numbers, as well as online identifiers like cookies and device IDs.

What are the fines for GDPR violations?

There are two fine tiers: up to €10 million or 2% of annual revenue for less serious violations, and up to €20 million or 4% of annual revenue for serious violations. Supervisory authorities use guidelines to determine the fine amount.

Ready to get started?

Try Refront for free and discover how AI automates your workflow.

Try for freeView pricing

Related Pages

Knowledge BaseWhat is Data Encryption? - Definition & MeaningData encryption is the process of encoding data so only authorized parties can read it. Learn how encryption works and why it is essential.Knowledge BaseWhat is an Audit Trail? - Definition & MeaningAn audit trail is a chronological log of all actions and changes in a system. Learn why audit trails are essential for compliance.Knowledge BaseWhat is Two-Factor Authentication (2FA)? - Definition & MeaningTwo-factor authentication (2FA) is a security method that requires two forms of identification to log in. Learn how 2FA protects your account.Knowledge BaseWhat is Role-Based Access Control (RBAC)? - Definition & MeaningRBAC is a security model where access rights are assigned based on roles within an organization. Learn how RBAC works.SolutionsRefront for Cybersecurity Firms - Secure Project ManagementManage pentest engagements and security audits with Refront. AI quotes, secure ticket management, accurate time tracking and automated reporting.SolutionsRefront for Legal Tech Companies - Legal Project ManagementManage legal tech projects with Refront. AI quotes, case management, accurate per-dossier time tracking and automated invoicing for legal service providers.

Refront is a workflow automation platform built to help teams turn work into solved tasks end to end.

© 2026 MG Software B.V. All rights reserved.

IntegrationsSlackGitHubAzure DevOpsStripeCursor
ResourcesKnowledge BaseComparisonsSolutionsTemplatesExamplesDirectoryLocationsTools
HomeFeaturesAbout UsContactPricingBlog