General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a legal framework that defines the rules for the collection and processing of personal information from individuals who live in the European Union. The framework was adopted in 2016 and fully enforced in 2018. The GDPR applies to organizations regardless of where their websites are based and imposes obligations onto such organizations if they target or collect data related to people in the European Union. The goal of the GDPR is to ensure that companies are transparent about the personal data they deal with and that the purpose for using this data is legitimate.

According to the GDPR, those organizations that do not comply with the new data protection changes must be liable to massive fines. Depending on the severity of the breach, organizations can pay up to €20 million or 4% of annual global turnover or 2% of the same for less severe violations.