GDPR
General Data Protection Regulation (EU Regulation 2016/679)
The EU regulation on personal data protection in force since 25 May 2018 — defines the rights of data subjects and the obligations of controllers.
What is GDPR?
GDPR (General Data Protection Regulation), officially Regulation (EU) 2016/679 of the European Parliament and of the Council, is a legally binding regulation on the protection of natural persons with regard to the processing of personal data, applicable in all EU Member States since 25 May 2018. An EU-level supervisory authority, together with the national Data Protection Authorities (DPAs) in each Member State, oversees compliance.
GDPR defines the key rights of data subjects:
- Right of access (Art. 15) — what data the company holds about me
- Right to rectification (Art. 16)
- Right to erasure / right to be forgotten (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
For controllers (every company that processes personal data), obligations include: maintaining records of processing activities, conducting a Data Protection Impact Assessment (DPIA) for high-risk processing, appointing a Data Protection Officer (DPO) in certain cases, and notifying personal data breaches within 72 hours.
Fines under GDPR can reach up to €20,000,000 or 4% of global annual turnover, whichever is higher.
When it applies
GDPR applies to any company that processes personal data of EU citizens — employees, customers, suppliers (natural persons), and website visitors. In an ERP system this means special treatment of HR and CRM data.
See the Security page, the Files module, and the Records module.
Related terms
- AI Act — complementary regulation for AI systems. See /en/glossary/ai-act.
- ISO 27001 — certification that supports GDPR compliance. See /en/glossary/iso-27001.
- RBAC — technical implementation of restricting access to personal data. See /en/glossary/rbac.
In Modulario
Modulario is fully compliant with GDPR — details on the data map, sub-processors, and implementation of data subject rights are available at /en/security. The Records and Files modules support retention policies and automatic deletion upon expiry.
Modulario provides customers with a DPA (Data Processing Agreement) directly in the registration flow, a list of sub-processors with EU-based hosting, and automated tools for fulfilling data subject requests. Upon service termination, data is irrevocably deleted after the retention period expires.
Related terms
- AI Act — the first comprehensive EU regulation governing the development, deployment and use of artificial intelligence; a risk-based approach with four levels.
- ISO/IEC 27001 — the international standard for an Information Security Management System (ISMS); certification that demonstrates an organisation's maturity in IT security.
- RBAC — an authorisation model in which permissions are assigned through roles rather than to individual users; simpler management and auditability.
- SSO — an authentication mechanism that allows a user to log in once and gain access to multiple applications without repeatedly entering a password.
- ReBAC — an authorisation model based on relationships between objects; access is derived from which teams and projects a user belongs to.
Implementing GDPR in your company?
Modulario covers most B2B processes modularly — deploy only what you need now and grow gradually. Book a free consultation.