The General Data Protection Regulation, or GDPR, is a data protection and privacy regulation under EU law. This regulation developed in 2016 and became enforceable in 2018, and is monumental in changing the handling of data and privacy across the EU. All EU members are held to these standards and regulations.
The goal is to give individuals more control of their personal data by placing stricter rules over enterprises regarding the processing of personal information. Under the GDPR, the enterprise must disclose the reason for the collection and processing of data, as well as what will be done with the data and when. Subjects must give permission for their data to be used, and collected data is anonymized. There are countless data safety measures and precautions outlined in the GDPR that enterprises will be held during the handling of data to ensure privacy for subjects.
Companies are monitored closely through audits and transparency requirements, and can face heavy fines or other appropriate punishments if the GDPR is broken.