GDPR is a significant data protection and privacy regulation created by the European Union, which went into effect in May 2018. It explains how data about users can be collected and used, including the types of options websites must offer their users in relation to user data. GDPR applies when personal data is involved, there is a commercial use of the data, and either the company is based in the EU or it offers goods or services to EU data subjects or monitors the behavior of EU data subjects. Non-compliance can result in fines of up to 4% of revenue.

Key terms include legal basis, transferring data, data controller, data processor, sub-processor, and privacy by design, along with how these principles are incorporated into a website's product. Major requirements of GDPR include providing notice of personal data collection, use, and sharing; establishing a legal basis for processing data; notifying relevant supervisory authorities in case of breaches; affording users certain rights to access and delete their data; and respecting user privacy throughout the product development process. Companies handling personal data must comply with these regulations.

Bubble has taken actions to be compliant with GDPR, including providing tools such as cookie consent management, data portability features, and plugins that allow users to give end-users control over their data. However, consulting legal counsel is recommended to determine specific compliance requirements for each app.