General Data Protection Regulation
European Union regulation on the processing of personal data
AI overview
The General Data Protection Regulation (GDPR) is a European Union law that sets rules for how companies and organizations can collect, use, and store people's personal information. It matters because it gives people more control over their data and requires organizations to be transparent about how they use it, with significant penalties for those who don't follow the rules.
AI-generated from the Wikipedia summary — may contain errors.
Article
The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.
The European Parliament and Council of the European Union adopted the GDPR on 14 April 2016, to become effective on 25 May 2018. As an EU regulation (instead of a directive), the GDPR has direct legal effect and does not require transposition into national law. However, it also provides flexibility for individual member states to modify (derogate from) some of its provisions.