GDPR (General Data Protection Regulation) is the EU’s comprehensive data protection regulation, in effect since May 2018. It governs how the personal data of EU residents must be collected, stored, processed, and shared by any organization worldwide, regardless of where that organization is based.
For customer portals, GDPR requires: lawful basis for processing personal data, data subject rights (access, correction, deletion, portability), breach notification within 72 hours, Privacy by Design principles, a signed Data Processing Agreement (DPA) with every vendor, and often a Data Protection Officer (DPO) for organizations processing large volumes of EU data. Penalties can reach €20M or 4% of global revenue.
See Secure Client Portal.