The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union and the United Kingdom. It sets strict rules for how organizations collect, use, store, and share personal data of individuals within the EU and UK. GDPR aims to give people more control over their personal information and requires companies to be transparent about their data practices. Non-compliance can lead to significant fines and penalties, making GDPR a key regulation for businesses handling personal data in Europe.