The General Data Protection Regulation (GDPR) is a comprehensive privacy law enacted by the European Union in 2018. It sets strict rules for how organizations collect, use, store, and share personal data of individuals in the EU, including sensitive information like health records. GDPR gives people significant rights over their digital data, such as the right to access, correct, delete, or transfer their information. It also requires organizations to be transparent about data practices and to protect data against breaches. Non-compliance can result in substantial fines, making GDPR a global standard for data privacy.