The General Data Protection Regulation (GDPR) is a comprehensive data privacy law enacted by the European Union (EU) in May 2018. It aims to give individuals more control over their personal data and unify data protection regulations across all EU member states. Key aspects of GDPR include:

1. Data Privacy Rights: Individuals have the right to access, rectify, delete, and transfer their personal data, as well as the right to object to or restrict its processing.
2. Consent: Organizations must obtain clear and affirmative consent before collecting or processing personal data. Consent must be easy to withdraw.
3. Data Breach Notification: Companies must notify authorities and affected individuals of certain types of data breaches within 72 hours.
4. Penalties: Non-compliance can result in heavy fines—up to €20 million or 4% of a company’s global annual revenue, whichever is higher.
5. Data Minimization: Only data necessary for the specific purpose should be collected and processed.
6. Accountability: Organizations must be able to demonstrate compliance, maintain records of data processing activities, and potentially appoint a Data Protection Officer (DPO).

GDPR applies not only to companies within the EU but also to any organization outside the EU that processes the data of EU residents.