The General Data Protection Regulation (GDPR) is new legislation in the area of data protection. Its purpose is to strengthen individuals’ rights regarding the collection, use and storage of their personal data.
The General Data Protection Regulation replaces the Data Protection Act.
The law applies to businesses or organisations in the European Union. Those outside the EU who offer goods and services (whether paid or not) to people living within the EU, or monitor their behaviour, must also comply with the GDPR.