The General Data Protection Regulation (GDPR) is a European Union (EU) law that protects individuals' personal data. It's considered the world's strongest privacy and security law.  What does the GDPR do?

• Defines the rights of individuals in the digital age
• Sets out the obligations of those who process data
• Specifies how to ensure compliance
• Outlines sanctions for those who violate the rules
• Regulates how businesses can collect, use, and store personal data
• Requires that personal data be processed securely

When did the GDPR take effect?

• The GDPR was adopted in 2016 and went into effect on May 25, 2018
• It replaced the 1995 Data Protection Directive
• It's applicable throughout the European Economic Area

Who does the GDPR apply to?

• The GDPR applies to businesses and organizations that are based in Europe or that serve users in Europe

How is the GDPR enforced?

• National and European data protection authorities and bodies ensure that the GDPR is applied consistently