Glossary
What is GDPR?
In detail
GDPR was passed by the EU Parliament in 2016 and became effective on 25 May 2018. It has 99 articles and 173 recitals and replaces the 1995 Data Protection Directive. Maximum fine: 4% of annual global revenue or €20M, whichever is higher. Real cases: Meta €1.2B (2023), Google €50M (2019), British Airways €20M (2020).
What is "personal data": any information that identifies a natural person — name, email, IP address, cookie, location, photo, behaviour pattern. Anonymous data (irreversibly aggregated) is out of GDPR scope.
Legal bases (6): (1) **Consent** — explicit, opt-in (cookie banners). (2) **Contract** — to fulfil service to user. (3) **Legal obligation** — accounting, taxes. (4) **Vital interests** — life-threatening. (5) **Public task** — government. (6) **Legitimate interests** — business need balanced against user rights.
User rights: (1) **Access** — request all data the company holds. (2) **Rectification** — correct inaccurate data. (3) **Erasure** ("right to be forgotten") — delete data. (4) **Portability** — export in a machine-readable format. (5) **Restriction** — pause processing. (6) **Object** — opt out of marketing. A response within 30 days is mandatory.
Website-level GDPR baseline: (1) **Cookie consent banner** — opt-in (not opt-out), with cookies categorised as functional/analytics/marketing. (2) **Privacy policy** — clear, accessible, lists the data collected, the purpose and the retention period. (3) **Cookie policy** — separate from the privacy policy. (4) **Data Processing Agreement (DPA)** — with hosting provider, analytics and payment vendors. (5) **Right to be forgotten flow** — automated where possible. (6) **Breach notification** — 72 hours to the authority and to affected users.
Georgian context: Georgia is not in the EU, but GDPR applies if you serve EU residents. The Georgian Personal Data Protection Inspector is the local authority. Compliance cost: 2,000-10,000 ₾ initial setup. Tools: Cookiebot ($10/mo), OneTrust (enterprise), Plausible (DPA-compliant analytics, no consent needed).
Examples
- Cookie banner: Cookiebot $10/mo + auto-categorisation + GA4 Consent Mode v2
- Plausible Analytics — no cookies + DPA-compliant + no consent banner needed
- DPA template: GitHub gdpr-dpa-template — sign with hosting (Vercel, Cloudflare)
- Right-to-be-forgotten flow: form + automated email + manual DB purge if needed
- Breach response: 72-hour incident drill quarterly, on-call rotation, IR runbook
Related terms
Related services
Frequently asked questions
Is GDPR required for a Georgian site?
Only if you serve EU residents (immigrants, tourists, e-commerce orders from the EU). For a purely GE-only audience the local Personal Data Protection Law applies and GDPR is optional.
What does GDPR compliance cost in Georgia?
Initial: 2,000-10,000 ₾ (legal review + cookie banner + privacy policy + DPA). Ongoing: 50-200 ₾/mo (Cookiebot or similar). DIY: GitHub templates + ChatGPT review = 50-200 ₾.
Is Google Analytics 4 GDPR-compliant?
Partially — IP anonymisation by default since 2024, EU-region storage. Full compliance: GA4 Consent Mode v2 + cookie banner integration. Plausible/Matomo are cleaner alternatives.
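The opt-in banner in the baseline above and the "Consent Mode v2 + cookie banner integration" answer here, as an added example that is not part of the original page: a small consent layer that sends denied defaults before any tag loads, maps the three banner categories to the v2 signals, and treats missing, stale or outdated consent as denied. `gtag` is injected so it can be stubbed; the version string and expiry are constructed values.

```javascript
// Added example, not the page's own code: banner categories -> Google Consent Mode v2.
// Opt-in semantics: everything except functional stays denied until the visitor grants it.
const CONSENT_VERSION = 'policy-2024-01'; // constructed; bump when the policy text changes
const CONSENT_MAX_AGE_MS = 180 * 24 * 60 * 60 * 1000; // constructed: re-ask after ~6 months

// The four Consent Mode v2 signals; all must be present in the default call.
const DENIED_ALL = {
  analytics_storage: 'denied',
  ad_storage: 'denied',
  ad_user_data: 'denied',
  ad_personalization: 'denied',
};

// Functional cookies need no consent and have no GA signal, so they are not mapped.
function consentFromCategories(cats) {
  const ads = cats.marketing ? 'granted' : 'denied';
  return {
    analytics_storage: cats.analytics ? 'granted' : 'denied',
    ad_storage: ads,
    ad_user_data: ads,
    ad_personalization: ads,
  };
}

// A stored record counts only if it exists, matches the current policy version
// and is not stale; anything else falls back to denied (opt-in, not opt-out).
function effectiveConsent(record, now = Date.now()) {
  if (!record || record.version !== CONSENT_VERSION) return { ...DENIED_ALL };
  if (now - record.grantedAt > CONSENT_MAX_AGE_MS) return { ...DENIED_ALL };
  return consentFromCategories(record.categories);
}

// Must run before gtag.js / the GA4 config call so no cookie is written without consent.
// wait_for_update gives the banner up to 500 ms to replay a stored choice.
function initConsent(gtag, record, now = Date.now()) {
  gtag('consent', 'default', { ...DENIED_ALL, wait_for_update: 500 });
  const current = effectiveConsent(record, now);
  if (Object.values(current).some((v) => v === 'granted')) {
    gtag('consent', 'update', current);
  }
  return current;
}

// Called from the banner's save button; returns the record to persist (cookie or
// localStorage) as evidence of consent: which categories, when, under which policy.
function recordChoice(gtag, categories, now = Date.now()) {
  gtag('consent', 'update', consentFromCategories(categories));
  return { version: CONSENT_VERSION, grantedAt: now, categories: { ...categories } };
}
```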
Ready for a free consultation?
Write to us and we will reply within 24 hours with a preliminary project estimate.