How does GDPR apply to cross-border e-commerce?

GDPR applies whenever you process personal data of EU/EEA residents, regardless of where your business is based. This includes names, addresses, payment details, and browsing data. You need lawful basis for processing, must provide privacy notices, and allow data subject rights (access, deletion). Swap stores and manages data in full compliance with GDPR, with all servers in Europe and signed DPAs.