According to the GDPR, a Data Broker is any entity that collects and sells individuals’ personal data. Data brokers gather information from various sources, including public records, online activities, and commercial transactions, and then package and sell this data to other organizations for purposes such as marketing, risk assessment, or background checks.