The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR entered into force on 25 May 2018 and replaces the 1995 EU Data Protection Directive.
The GDPR sets out a set of rules and regulations for the collection, use and storage of individuals' personal data within the EU and EEA. It gives individuals the right to know what personal data is being collected about them and the right to request that their personal data be deleted or corrected.
The GDPR applies to any business that processes personal data of individuals within the EU and EEA, regardless of whether the business is based within the EU and EEA or not. This means that companies doing business in the EU and EEA must comply with the GDPR even if they are based in other parts of the world.
Overall, the GDPR aims to give individuals more control over their personal data and improve data protection and privacy within the EU and EEA.