EU GDPR requirements explained for growing international businesses — turning lawful basis, rights, records, transfers, AI and breach response into a working operating model.