Focus 1
Who is in scope
One EU user can be enough if personal data is processed in the context of targeting or monitoring.
Framework hub
GDPR
GDPR applies to any organisation that processes personal data of EU residents, regardless of where the organisation is established.
EU baseline
If you are established in the EU, operate in the EU, or place this product or service on the EU market, treat this as a first-order compliance check. Non-EU reach language means outsiders can also be covered, not that EU companies are outside scope.
Review scopeFocus 2
DPA enforcement tracker
Latest decisions and enforcement updates are collected from CNPD, EDPB, EDPS, ICO, CNIL, BfDI, and DPC Ireland.
Focus 3
Core rights
Article 13, 14, 17, and 20 obligations are summarized with source-backed updates.
Focus 4
Data transfers
SCCs, adequacy decisions, and related guidance are tracked from official sources.
Source updates
MEDIUMCNPD2026-06-07
CNPD cookie guidance watch entry
Luxembourg-specific privacy guidance is monitored for cookie consent, enforcement positions, and data protection obligations.
GDPRePrivacy