Dallonses logo

GDPR

What is GDPR?

The General Data Protection Regulation is the EU law that governs how organisations collect, store, and use the personal data of people in the European Union. It applies wherever those people are, so a company in California handling data from customers in Berlin still falls under it. Personal data means anything that identifies a person, directly or not. A name, an email, an IP address, a cookie ID.

GDPR puts obligations on whoever decides why and how data gets processed. You need a lawful basis before you process anything, whether that is consent, a contract, or a legitimate interest you can defend. You have to tell people what you collect and why. People can ask to see their data, correct it, or have it deleted, and you have to respond. Breaches that put people at risk must be reported to the regulator within 72 hours. A retailer that quietly tracks users across sites without a clear basis is the kind of thing the regulation exists to stop.

Fines run high, up to 20 million euros or 4% of global annual turnover, whichever is larger. The cost most teams feel first is the engineering one. Consent has to be recorded. Deletion has to actually delete, across every system. Data minimisation means you store only what you need, which is a design decision made long before any audit.

GDPR at Dallonses

Compliance is not a checkbox we add at the end. It shapes how the data model gets built. When we set up a customer data platform or a CRM, we map where personal data lives, who can reach it, and how it leaves when someone asks. Consent state travels with the record. Deletion requests reach every connected system, not just the one in front of the user.

We bring this into QA strategy and governance from the start, so compliant data handling is something the system enforces rather than something a person remembers to do. We have built marketing automation and customer data platforms for brands operating across many countries, each with its own data rules. The work is honest about the trade-offs. Useful analytics and strict data discipline can coexist, and we design for both.

Handling personal data across borders and want it built right? Let's talk.

Talk to us about data

Related services

Related works

Spring GDS 25th Anniversary

A logistics company that ships to 190 countries built something to ship to itself.

Vizitio

Turning a brand into a working business.

Access Ticket

Half a million people. One app. Zero chaos.

Ready to work together?

Book a meeting
Aymón holding a Tools magazine in front of their facem
Ari working on a laptop outdoors surrounded by plants
Top-down view of a wooden desk with a keyboard, mouse, and headphones
Hand-drawn illustration of a hand snapping fingers
Nico leaning against a water cooler next to a fire extinguishe
Close-up of an open computer with circuit board and components on a wooden desk
Bernat and Andreu collaborating at a desk with monitors and a laptop
Hand-drawn illustration of an open hand waving
Aymón holding a Tools magazine in front of their facem
Ari working on a laptop outdoors surrounded by plants
Top-down view of a wooden desk with a keyboard, mouse, and headphones
Hand-drawn illustration of a hand snapping fingers
Nico leaning against a water cooler next to a fire extinguishe
Close-up of an open computer with circuit board and components on a wooden desk
Bernat and Andreu collaborating at a desk with monitors and a laptop
Hand-drawn illustration of an open hand waving