The General Data Protection Regulation (GDPR) is a comprehensive privacy law enacted by the European Union (EU) that governs how organizations collect, store, process, and share personal data of individuals within the EU. It came into effect on May 25, 2018, replacing the previous Data Protection Directive. GDPR applies not only to organizations within the EU but also to entities outside the EU that process the data of EU residents.
Key Principles of GDPR:
- Lawfulness, Fairness, and Transparency: Personal data must be processed legally, fairly, and transparently.
- Purpose Limitation: Data must be collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data Minimization: Only collect and process the data that is necessary for the specified purpose.
- Accuracy: Data must be accurate and kept up to date.
- Storage Limitation: Personal data should not be stored for longer than necessary.
- Integrity and Confidentiality: Data must be processed securely to prevent unauthorized access, loss, or damage.
- Accountability: Organizations must be able to demonstrate compliance with GDPR.
Key Rights for Individuals:
- Right to Access: Individuals can access their personal data and understand how it is being used.
- Right to Rectification: Individuals can correct inaccuracies in their data.
- Right to Erasure (“Right to be Forgotten”): Individuals can request their data be deleted under certain conditions.
- Right to Restriction of Processing: Individuals can limit how their data is used.
- Right to Data Portability: Individuals can obtain and reuse their data across services.
- Right to Object: Individuals can object to certain types of processing, such as direct marketing.
- Rights Related to Automated Decision-Making and Profiling: Individuals can contest decisions made by algorithms without human intervention.
Enforcement and Penalties:
Non-compliance with GDPR can result in severe penalties, including fines of up to €20 million or 4% of global annual turnover, whichever is higher.
GDPR ensures individuals have greater control over their data while holding organizations accountable for how they manage it.