GDPR stands for the General Data Protection Regulation, a European privacy law approved by the European Commission in 2016. The GDPR will replace a prior European Union privacy directive known as Directive 95/46/EC (the “Directive”), which has been the basis of European data protection law since 1995.
The GDPR is an attempt to strengthen, harmonise, and modernise EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organisations may obtain, use, store, and eliminate personal data. It applies to any organisation processing personal data of EU citizens.
Personal data will now include not only data that is commonly considered to be personal in nature (e.g. names, physical addresses, email addresses), but also data such as IP addresses, behavioural data, location data, financial information, and more.
The GDPR was adopted in April 2016, but will officially be enforceable on 25th May 2018.