A legal document laying out the procedure that companies must follow with respect to the storage and handling of personal data belonging to residents of European Union (EU) countries. The GDPR requirements apply to both European and international organizations.
The purpose of the regulation is ensure that data subjects retain control over their own personal information.
The regulation was adopted in April 2016 and entered into force in May 2018. It introduces a number of restrictions on the collection and processing of personal information, and establishes the liability of companies for improper storage of data and harvesting of unnecessary information. Non-compliance entails a fine of up to 20 million euros or 4% of the company’s annual turnover.