The General Data Protection Regulation (GDPR), adopted on 27 April 2016, establishes stringent guidelines for the processing of personal data within the European Union. It asserts that personal data protection is a fundamental right, ensuring that data subjects are informed about the collection, purposes, and processing of their data, while also granting them rights such as access, rectification, and erasure. Controllers and processors must implement appropriate technical and organisational measures to demonstrate compliance, thereby fostering accountability and organisational integrity in data processing practices.

Under the regulation, significant enforcement powers are bestowed upon supervisory authorities to ensure adherence, including the ability to investigate, impose fines, and facilitate cooperation among member states. Ultimately, the GDPR aims to harmonise data protection laws across Europe, facilitating a steady flow of personal data while safeguarding individual freedoms and rights against misuse and breaches.