The General Data Protection Regulation (GDPR) is the European law regulating data protection. It replaces the 1995 EU Data Protection Directive, applies across Europe, and came into effect on 25 May 2018 in the EU.
GDPR expands the privacy rights granted to data subjects (EU individuals) and places more significant obligations on organizations that handle those individuals' personal data. It intends to standardize data protection across EU member countries.
GDPR gives EU citizens greater control over their personal data, providing greater transparency into how data is used and ensuring that the organizations entrusted with personal data treat it appropriately.