GDPR
General Data Protection Regulation - European privacy law requiring consent for data collection.
Last updated Apr 2026
Quick Reference
Category: Legal, Compliance & Privacy
Why It Matters
GDPR applies to any business serving EU customers, with fines up to €20M or 4% of global revenue for violations.
Practical Example
Scenario
A US-based fashion brand sells to European customers.
Calculation
10% of traffic from EU = must comply. Cookie banner + consent management + data request process required
Result
Proper GDPR setup avoided potential €500K+ fine and enabled continued EU sales worth $200K annually
Pro Tips
1. Use a Consent Management Platform (CMP) like Cookiebot, OneTrust, or Termly for compliant cookie banners
2. Document your data processing activities; this is required even for small businesses
3. Set up processes to handle data access and deletion requests within the 30-day requirement
Common Mistakes to Avoid
Thinking GDPR doesn't apply because you're US-based—it applies if you serve EU customers
Using pre-checked consent boxes, which are explicitly non-compliant
Not having a way for customers to request their data or request deletion