The General Data Protection Regulation (abbreviated to the GDPR), which entered into force on 25 May 2018, establishes general rules for data protection in the countries of the European Union (EU). It applies to companies operating in the EU, as well as companies in other countries that process personal data of EU citizens.
Many principles of this regulation are based on the previous EU data protection rules. The new regulations are characterized by a wider scope, stricter standards and high fines. For example, it tightens the requirements for consent to the use of certain types of data and extends the rights of entities regarding access to their data and the transfer of such data. The regulation also establishes significant enforcement powers, allowing the controlling body to impose fines of up to 4% of the total annual revenue for certain violations.