The General Data Protection Regulation (GDPR) is the European Union’s (EU) flagship privacy law, which was enacted in May of 2018, to regulate the processing of personal data of individuals within the EU. It applies to entities based in the EU and those outside the bloc that handle EU residents’ data. With fines reaching up to €20 million or 4% of global annual turnover, the GDPR is a legal instrument with global implications.
