The General Data Protection Regulation (GDPR) is the European law regulating data protection. It replaces the 1995 EU Data Protection Directive, applies across Europe, and came into effect on 25 May 2018 in the EU. It is also enacted into UK law, giving it effect in the UK even after Brexit.
GDPR expands the privacy rights granted to data subjects (EU/EEA individuals) and places greater obligations on organisations who handle the personal data of those individuals, wherever those organisations are based.
GDPR comes at a time when more and more personal data is being generated by every individual as they use more services and technologies. It is intended to standardise data protection across EU member countries and post-Brexit UK. It gives EU and UK citizens greater control over their personal data, providing greater transparency into how data is used and ensuring that the organisations entrusted with personal data treat it appropriately.