General Data Protection Regulation (GDPR)

Also known as: Regulation (EU) 2016/679

The GDPR is a comprehensive data-privacy regulation developed jointly by three EU legislative institutions — the European Parliament, the European Commission, and the Council of the European Union. It superseded the Data Protection Directive (Directive 95/46/EC) and came into force on May 25, 2018.

The regulation has two primary objectives: restoring meaningful control to data subjects (i.e., citizens within the union) over how their personal data is collected and used, and creating a more harmonized, consistent regulatory environment that simplifies compliance for international businesses operating across EU member states.