GDPR

The EU's data protection regulation, effective since May 2018, that governs how organizations collect, process, and store personal data of EU residents. GDPR introduced principles like data minimization, purpose limitation, and the right to erasure -- backed by fines up to 4% of global annual revenue. Its extraterritorial scope means any company processing EU residents' data must comply, regardless of where the company is based.