The General Data Protection Regulation (GDPR) is a comprehensive data privacy law enacted by the European Union (EU) to protect individuals' data and privacy. Effective from May 25, 2018, GDPR sets strict guidelines for how organisations collect, store, process, and share the personal data of EU citizens. Key principles of GDPR include transparency, data minimisation, accuracy, storage limitation, and accountability. It grants individuals rights such as access to their data, the right to be forgotten, and data portability.  

Organisations must obtain clear consent from individuals before collecting their data and ensure robust security measures to protect it. Non-compliance with GDPR can result in severe penalties, including fines of up to 4% of annual global turnover or €20 million, whichever is higher. GDPR has a significant impact on global businesses, influencing data protection standards worldwide and emphasising the importance of safeguarding personal information in an increasingly digital world.