Question 1

What’s the difference between GDPR and the EU ePrivacy Directive (cookie law)?

Accepted Answer

GDPR is a broad privacy law covering how organizations collect and use personal data (like names, emails, IDs, location data). The ePrivacy Directive focuses more specifically on electronic communications and tracking technologies like cookies. In practice, cookie banners often relate to ePrivacy rules, while GDPR governs the broader processing of personal data behind the scenes.

Question 2

When do I need to comply with GDPR?

Accepted Answer

You generally need to comply if you process personal data of people in the EU/EEA and you either (1) are established in the EU/EEA, or (2) offer goods/services to people in the EU/EEA or monitor their behavior (for example, tracking for analytics or advertising). If your app or website has EU users, assume GDPR may apply and confirm with legal counsel.

Question 3

How much does GDPR compliance cost?

Accepted Answer

There is no fixed fee to “use” GDPR, but compliance has operational costs. Common cost drivers include legal review, privacy program staffing (DPO/privacy lead), data mapping, updating contracts (DPAs), implementing security controls (encryption, access management, logging), building workflows for data subject requests, training, and ongoing audits. Costs vary widely by company size, data volume/sensitivity, and existing security maturity.

GDPR

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms