GDPR

GDPR (General Data Protection Regulation), effective since 2018, governs personal data protection in the EU. It applies to all organizations handling EU residents' data, with penalties up to 4% of global revenue or EUR 20 million.

GDPR affects QR code operations extensively. Dynamic QR code access logs recording IP addresses, device info, location, and timestamps constitute personal data requiring user consent, purpose specification, retention limits, and deletion request compliance.

Cookie consent banners on QR code landing pages stem from GDPR. Setting tracking cookies immediately upon QR code scan without prior consent is prohibited, directly impacting marketing attribution analysis.

Even vCard QR code exchanges create data management obligations. Scanning business card QR codes into CRM systems requires guaranteeing data subject rights (access, rectification, erasure, portability). QR codes enable easy data collection, but under GDPR, capability and permission are separate questions.