GDPR

General Data Protection Regulation, the EU's privacy law (since 2018, refined since). Requires data minimisation, purpose limitation, transparency and breach notification for any processor of EU personal data. EOIT's no-customer-PII design is a direct response to GDPR's spirit, not just its letter.