General data protection regulation (GDPR)

Definition

The General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy regulation enacted by the European Union (EU) in 2018.

What is GDPR?

It is designed to safeguard the privacy and personal data of EU citizens by regulating how organisations collect, process, store, and share this information. The GDPR applies to any organisation, regardless of its location, that processes the personal data of individuals residing in the EU

The primary objective of the GDPR is to give individuals greater control over their personal data and to harmonise data protection laws across the EU member states. It aims to create a consistent framework for data protection while also addressing the challenges posed by the digital age.

Key principles of the GDPR:

  1. Lawfulness, fairness, and transparency: Personal data must be processed lawfully, fairly, and transparently. Individuals must be informed about how their data is being used.
  2. Purpose limitation: Data should only be collected for specific, explicit, and legitimate purposes.
  3. Data minimisation: Only the minimum amount of personal data necessary for a specific purpose should be collected.
  4. Accuracy: Data should be accurate, and steps should be taken to ensure it remains up-to-date.
  5. Storage limitation: Data should be kept only for as long as necessary for the purposes for which it was collected.
  6. Integrity and confidentiality: Data should be securely processed to prevent unauthorised access, unlawful actions, and accidental loss or damage.

The GDPR grants individuals several rights regarding their personal data, including the right to access, correct, and erase their data.

The GDPR has influenced data protection laws and policies worldwide, as many countries and regions have introduced or updated their own data protection regulations to align with the GDPR’s principles.

Example of GDPR

Company ABC is an e-commerce business based in the EU, selling products online. To comply with GDPR, they take the following measures:

  1. User consent: Users are asked for explicit consent before any data is collected, and they have the option to opt out.
  2. Data minimisation: The company only collects the necessary personal data required for specific purposes. Unnecessary data is not collected.
  3. Data subject rights: The company respects the rights of data subjects as outlined in GDPR. Users have the right to access, rectify, or erase their personal data.
  4. Data processing records: Company ABC maintains records of its data processing activities as required by GDPR. These records detail the purposes of processing, categories of data, and security measures in place.
  5. Data breach notification: In the event of a data breach, Company ABC follows GDPR requirements by promptly notifying the relevant supervisory authority and, if necessary, affected data subjects.

By adhering to these GDPR compliance measures, Company ABC aims to protect user privacy, build trust, and avoid potential fines or legal consequences associated with non-compliance with GDPR regulations.

Ready to grow your business?
Get started

Clever finance tips and the latest news

Delivered to your inbox monthly

Join the 110,000+ businesses just like yours getting the Swoop newsletter.

Free. No spam. Opt out whenever you like.

+1 (202) 804-9308
Contact us
Get started
Trustpilot
Main Menu
Business funding
Main Menu
About
Main Menu
Compare & save
Main Menu
Other
Main Menu
Main Menu
UK UK IRE IRE AU AU CA CA US US ZA ZA NA NA

Disclaimer: Swoop Funding LLC (“Swoop”) is a financial technology platform and commercial finance broker, not a lender. Swoop does not provide loans or make credit decisions. We match US-based firms with third-party lenders, equity funds, and grant agencies. All financing is subject to lender credit approval and the specific terms and conditions of the funding provider.

Broker Compensation Disclosure: Swoop provides its platform and matching services to applicants at no direct cost. We receive compensation in the form of a commission or referral fee from the finance providers in our network upon successful placement. This compensation may vary by provider and product. In certain instances, the commission paid to Swoop may influence the interest rate or terms offered by the lender, which can affect the total amount payable under your agreement.

Credit Authorization & FCRA Notice: By submitting an application or registering an account, you provide “written instructions” to Swoop under the Fair Credit Reporting Act (FCRA) to obtain your personal and/or business credit profile from consumer reporting agencies. This information is used solely to evaluate your eligibility for financing and to match you with appropriate lenders in our network.

State-Specific Disclosures:

Florida & Utah: Swoop complies with state commercial financing disclosure laws regarding the transparency of terms for non-real estate secured commercial transactions.

Entity Information: Swoop Funding LLC is a Delaware limited liability company. US Headquarters: 43 W 23rd St, New York, NY 10010, United States. Contact: hello@swoopfunding.com

General Terms: Applicants must be 18 years of age or older. All firms must be registered and operating within the United States. SBA loans are issued by private lenders and guaranteed by the U.S. Small Business Administration; Swoop is not a government agency. Please review our Terms of Use and Privacy Policy for full details.

If you have a complaint, please refer to our Complaints Policy.

UK UK IRE IRE AU AU CA CA US US ZA ZA NA NA

© Swoop 2026

Looks like you're in . Go to our site to find relevant products for your country. Go to Swoop