The General Data Protection Regulation, or GDPR, was adopted by the European Parliament in April 2016, and came into effect on May 25, 2018. The GDPR aims to harmonize data protection laws across the EU member states.
Equally important is the fact that the new regulation introduces several obligations for enterprises that handle personal data. These include stricter mechanisms for obtaining consent, timely notification of a breach to the impacted party, and keeping the need for personal data to a minimum. Under the new regulation, individuals who have provided their personal data will have several rights, such as the right of access to and rectification of data, the right to restriction of processing, the right to erasure of data, the right to data portability, etc. These rules apply both to the EU member states and to enterprises outside the Union that process the data of EU residents.
There are stiff penalties for non-compliance. Fines can go up to 4% of the annual turnover or 20 million euros, whichever is higher.