General Data Protection Regulation (GDPR)
A European Union regulation that governs how organizations collect, process, store, and share personal data of individuals in the EU, granting individuals rights over their data and imposing strict requirements on data handlers.
GDPR affects any website that collects data from EU residents, regardless of where the organization is based. Key principles include lawful basis for processing, data minimization, purpose limitation, storage limitation, and accountability. Individual rights include the right to access, rectify, erase ('right to be forgotten'), port, and restrict processing of their data.
From a QA perspective, GDPR compliance touches many website features: consent mechanisms, data collection forms, cookie behavior, analytics tracking, account deletion workflows, data export functionality, and privacy policy accessibility.
Why It Matters for QA Teams
GDPR violations carry fines of up to 4% of global annual revenue. QA teams must verify that consent mechanisms work correctly, data is handled as declared, and user rights features (deletion, export) actually function as required.
Example
QA tests the 'Delete My Account' feature and discovers that while the user's profile is removed from the UI, their email address and order history remain in the database and continue appearing in admin reports. This constitutes a GDPR compliance failure because the deletion was not thorough. The team updates the deletion workflow to cascade across all data stores.
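The deletion gap described above, reproduced as an added example that is not part of the original entry: a throwaway SQLite database with constructed tables (users, orders, admin_reports) and a constructed sample user, a naive deletion that only removes the profile row, the remediated cascade, and the residual-data check a QA team can run after either workflow.

```python
import sqlite3

# Constructed schema: three stores that each hold the subject's email.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, email TEXT, total REAL);
CREATE TABLE admin_reports (id INTEGER PRIMARY KEY, customer_email TEXT, note TEXT);
"""

def seed(conn):
    # Constructed sample data for one data subject.
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO users VALUES (1, 'alice@example.com')")
    conn.execute("INSERT INTO orders VALUES (10, 1, 'alice@example.com', 42.0)")
    conn.execute("INSERT INTO admin_reports VALUES (100, 'alice@example.com', 'vip')")
    conn.commit()

def delete_account_naive(conn, user_id):
    # The failing workflow from the example: only the profile row goes away.
    conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
    conn.commit()

def delete_account_cascade(conn, user_id):
    # Remediated workflow: remove the subject from every store in one
    # transaction, keyed on both the user id and the email address.
    row = conn.execute("SELECT email FROM users WHERE id = ?", (user_id,)).fetchone()
    if row is None:
        return
    email = row[0]
    with conn:  # commits on success, rolls back on error
        conn.execute("DELETE FROM admin_reports WHERE customer_email = ?", (email,))
        conn.execute("DELETE FROM orders WHERE user_id = ? OR email = ?", (user_id, email))
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))

def residual_personal_data(conn, email):
    # QA check: search every column known to hold the identifier and
    # return the names of stores that still reference the subject.
    checks = {
        "users": "SELECT COUNT(*) FROM users WHERE email = ?",
        "orders": "SELECT COUNT(*) FROM orders WHERE email = ?",
        "admin_reports": "SELECT COUNT(*) FROM admin_reports WHERE customer_email = ?",
    }
    return sorted(t for t, q in checks.items() if conn.execute(q, (email,)).fetchone()[0])

def run_deletion_check(workflow):
    # Seed a fresh in-memory database, run the workflow, report leftovers.
    conn = sqlite3.connect(":memory:")
    seed(conn)
    workflow(conn, 1)
    return residual_personal_data(conn, "alice@example.com")

if __name__ == "__main__":
    print("naive leaves data in:", run_deletion_check(delete_account_naive))
    print("cascade leaves data in:", run_deletion_check(delete_account_cascade))
```

The check's column list must be maintained alongside the schema; a new table that stores the email without being added here is exactly the kind of leftover the example describes.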