What is GDPR?
The EU’s data-protection law - strict rules, real rights for individuals, and serious penalties.
GDPR: definition
GDPR applies to any organization that processes the personal data of people in the EU, regardless of where the organization is based. It requires a lawful basis for processing, data minimization, and strong security, and it grants individuals rights - access, rectification, erasure ("right to be forgotten"), and portability. Breaches must be reported quickly, and penalties can reach the greater of €20M or 4% of global revenue.
- Applies to processing EU residents’ personal data, wherever you operate
- Requires a lawful basis, data minimization, and strong safeguards
- Grants access, rectification, erasure, and portability rights
- Penalties up to the greater of €20M or 4% of global annual revenue
How Fintra handles it
Fintra supports GDPR obligations with data-handling controls, access and audit logging, and the ability to locate, export, and delete an individual’s data to service subject requests. Data-residency options and the platform’s tamper-evident audit trail help demonstrate the accountability GDPR requires - showing not just that you protect data, but that you can prove it.
Worked example
Frequently asked questions
Who does GDPR apply to?
Any organization that processes the personal data of individuals in the EU, regardless of where the organization is located. A US company serving EU customers is subject to GDPR for that data, which is why its reach is effectively global.
What rights does GDPR give individuals?
Rights including access to their data, correction of inaccuracies, erasure ("right to be forgotten"), restriction of processing, portability, and objection. Organizations must be able to locate and act on an individual’s data to service these requests.
What are the penalties for GDPR violations?
Serious breaches can incur fines up to the greater of €20 million or 4% of global annual revenue, alongside reputational damage. The severity is why GDPR compliance is treated as a board-level concern, not a checkbox.
How does Fintra help with GDPR?
Fintra provides data-handling controls, access and audit logging, data-residency options, and the ability to locate, export, and delete an individual’s data under an audited workflow - supporting both protection and the accountability GDPR requires.
Keep going
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
See how Fintra handles the numbers behind this term
Fintra is the AI Finance Operating System for SMBs - accounting, planning, payroll, equity, and AI governance on one shared data model, with a named human approving anything consequential. Free to start, no card required.
Talk to us