The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for businesses so both citizens and businesses in the European Union can fully benefit from the digital economy. The reforms are designed to reflect the world we’re living in now and bring laws and obligations – including those around personal data, privacy, and consent – across Europe up to speed for the internet-connected age.

Under the terms of GDPR, not only do organizations have to ensure that personal data is gathered legally and under strict conditions but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.