Compliance & regulatory

GDPR

EU regulation on personal-data processing — applies globally to EU users.

GDPR (General Data Protection Regulation) is the EU's 2018 privacy framework. Any site collecting personal data from EU residents must: get explicit opt-in consent, document the legal basis, allow data export and deletion, and report breaches within 72 hours. Fines: up to 4% of global revenue. For affiliate marketers: cookie-banner CMPs (Klaro, OneTrust, Iubenda), DPAs with all data processors, and Consent Mode v2 on Google tags.

Example

Latvian supervisory authority fined a German DTC brand €240k in 2023 for a non-compliant cookie banner that loaded ad pixels before consent.

Related terms

Klaro / consent banner
GDPR-compliant cookie consent management.
Google Consent Mode v2
Google's framework for sending consent signals with hits.
Compliance
Adherence to ad-network policies, FTC rules, and platform ToS.
CCPA / CPRA
California's GDPR-equivalent consumer-privacy law.