Description: The General Data Protection Regulation (GDPR) is a regulation enacted by the European Union in 2016 to protect the privacy and personal data of individuals within the EU. It establishes rules and guidelines for the processing of personal data by organizations, including the collection, storage, and transfer of such data. The GDPR aims to give individuals more control over their personal information and requires organizations to implement measures to ensure the security and confidentiality of the data they handle. It also introduces stricter penalties for non-compliance with the regulation. The GDPR replaces the previous Data Protection Directive and applies to all EU member states. Publisher: EUR-Lex Source: http://data.europa.eu/eli/reg/2016/679/2016-05-04 Last modification: 26/06/2023 EIRA traceability: eira:BindingInstrumentRequirement LOST view: Legal view - Binding Power and Jurisdiction EIRA concept: eira:SolutionBuildingBlock Additional identifier: http://data.europa.eu/eli/reg/2016/679/2016-05-04 Title: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Example: 1. Consent management: Under the GDPR, organizations are required to obtain explicit and informed consent from individuals before collecting and processing their personal data. This means that companies need to clearly explain why they are collecting the data, how it will be used, and give individuals the option to opt out or withdraw their consent at any time.