The General Data Protection Regulation (GDPR) is a data privacy law that was implemented by the European Union (EU) in May 2018. The GDPR is designed to protect the privacy and personal data of EU citizens and residents, and applies to all organizations that process the personal data of EU citizens, regardless of where the organization is based.

The GDPR gives individuals greater control over their personal data by providing them with the right to know what data is being collected about them, the right to access and correct that data, and the right to request that their data be deleted. The GDPR also requires organizations to obtain explicit consent from individuals before collecting and processing their data, and to notify individuals in the event of a data breach.

Organizations that fail to comply with the GDPR can be subject to significant fines, up to 4% of their global annual revenue or €20 million (whichever is greater).

The GDPR has had a significant impact on the way that organizations collect, store, and use personal data, and has led to increased focus on data privacy and security across industries. Many countries have also implemented their own data privacy laws that are based on the principles of the GDPR, such as the California Consumer Privacy Act (CCPA) in the United States.