What is GDPR? The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. It imposes obligations to organizations worldwide, so long as they target or collect data related to the EU residents. ( source ) What counts as personal data? Personal data is any information that relates to an identified or identifiable individual. For example, names or addresses (identified individuals) or location, cookies or even pseudonymous data if easy to link to a specific person (identifiable individual). In every case, you need a valid reason (legal basis) to process personal data. In the context of User Onboarding, it is almost exclusively unambiguous consent . The users must explicitly agree that their personal data is processed for the purpose of user onboarding. Even when you receive explicit consent, the obligations do not end there. For example: You must collect only data absolutely necessary for the given purposes. You must store the data only for as l