GDPR – the General Data Protection Regulation – is intended to establish a stronger, unified system of protection of personal data for individuals and businesses within the European Union. GDPR was adopted directly by the European Parliament, the Council of the European Union, and the European Commission on April 27, 2016. Following a two-year transition period, GDPR will become directly binding and enforceable as of May 25, 2018.

GDPR is an improvement upon the 1995 Data Protection Directive, intended to enhance control by individuals over their own personal data and accountability for organizations in how they collect, handle, and maintain it. The Data Protection Directive was implemented by individual law in each of the EU nations and therefore created a patchwork of standards and practices varying between the member states.   GDPR therefore is intended to simplify and integrate requirements in a more cohesive and competent supervisory model.