What is GDPR?

GDPR (General Data Protection Regulation) is a comprehensive data privacy law enacted by the European Union in May 2018 that governs how organizations collect, store, and process personal data of EU residents. It applies to any business worldwide that handles EU citizens' data, not just companies based in Europe. Under GDPR, users have strong rights including the ability to access, correct, delete, and export their personal data at any time. Organizations must obtain explicit consent before collecting data, clearly state its purpose, and can face fines of up to €20 million or 4% of global annual revenue for non-compliance. In simple terms, GDPR puts data control back in the hands of users — making transparency, consent, and accountability the foundation of any digital product or service serving European users.