GDPR, which stands for General Data Protection Regulation, is a comprehensive regulation that governs the protection of personal data and the free movement of such data. The regulation is officially known as "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC".
One of the main purposes of GDPR is to safeguard the rights of individuals in the EU and EEA with respect to their personal data. It sets forth requirements for institutions and companies when handling and processing personal data, including the rights of individuals and the procedures for data storage and processing. Additionally, GDPR addresses the transfer of personal data outside the EU and EEA.
Since its enforcement on 25 May 2018, GDPR is directly applicable to all EU and EEA countries. It imposes obligations on companies and organizations that process personal data of individuals within the EU and EEA, as well as those outside of it. GDPR applies to various types of personal data, which encompass any information that can be used to identify an individual.