The GDPR (General Data Protection Regulation) entered into force on May 25, 2018. It is Europe’s digital privacy regulation. It states that companies have to obtain the consent of Data subject s to store and process users’ personal data.

The European Commission prepared the GDPR, which replaced the outdated 1995 European Data Protection Directive. The idea behind GDPR is to provide individuals with full control over their personal data. It aims to strengthen and unify the rules of data collection from individuals within the European Union.

In the GDPR era, Personal data is not only name, photo, address, phone number or email address. It also includes the following data:

  • Biometric and genetic data
  • Economic status
  • Cultural and social identity
  • IP address and geolocation
  • Device ID
  • Cookies
  • Pseudonymous data

Read more about Data controller s, Data processor s or Data processing agreement s.

Visit the Piwik PRO blog to dive deeper into GDPR-related articles.


  • Life after GA4: Why EU organizations are going local

    When Universal Analytics was phased out in 2023, and GA4 rolled out with complexity, many European organisations were forced to rethink how they measure success. For more and more, the solution is clear: use analytics built for Europe, by Europe. Why sovereignty matters Data sovereignty isn’t just a buzzphrase. Under GDPR and the Schrems II…

  • Telehealth analytics: Optimizing virtual care experiences in a HIPAA-compliant way

    As patients increasingly turn to digital platforms for medical care, healthcare organizations must understand user behavior and tailor their responses to meet these expectations. Patients want flexible, digital-first options, while providers seek to optimize efficiency, reduce costs, and expand care to more people.