The General Data Protection Regulation (GDPR) is the European Union’s (EU) data privacy and security law. It is one of the most advanced laws of its kind, and applies not only to organizations within the EU, but to any organization around the world that collects, shares, and stores data about people in the EU. The penalties for violating the GDPR are severe.