The General Data Protection Regulation (GDPR) is a new set of rules governing the privacy and security of personal data laid down by the European Commission. It will ensure that all countries in the EU, and those companies using the personal data of EU citizens, adhere to the same data protection rules. It will regulate details such as the user data that companies are allowed to collect, how it is stored, how data breaches can be safeguarded against, whose responsibility it is in the event of a breach, and the associated sanctions.
To put it simply, it is the biggest change in data protection laws for 20 years, which could have far-reaching and potentially damaging consequences for businesses.
Information Commissioner Elizabeth Denham called the GDPR "the biggest change to data protection law for a generation" in a video speech in May 2017. The legislation presents a range of compliance and operational challenges for businesses, requiring thorough planning and additional resources.