The General Data Protection Regulation (GDPR) is the European law regulating data protection. It replaces the 1995 EU Data Protection Directive, applies across Europe, and came into effect on 25 May 2018 in the EU.
GDPR expands the privacy rights granted to data subjects (EU individuals) and places greater obligations on organisations who handle the personal data of those individuals. It is intended to standardise data protection across EU member countries.
GDPR gives EU citizens greater control over their personal data, providing greater transparency into how data is used and ensuring that the organisations entrusted with personal data treat it appropriately.