GDPR, or General Data Protection Regulation, is an effort set forth by the European Union with the intended purpose of increasing data protection and privacy for its citizens. Effective May 25, 2018, the GDPR is the legal framework that regulates how companies and organizations can access or use the data of individuals. Data is a broad term; in this case, the data being protected is personal information, including names, addresses, pictures, medical information, social media information or posts, IP addresses, and more. The GDPR offers protection not only for data regarding public life but also professional life and private life. Some provisions of the GDPR include the requirement that organizations report data breaches within 72 hours and alert affected persons, so that damage to the privacy of their data is kept to a minimum. Another, the "right to be forgotten", gives individuals the right to request that certain information about them be withdrawn and deleted. The consequences of failing to abide by these regulations are harsh, to discourage companies and organizations from straying from the guidelines.
Such consequences include a hefty fine, set at 4% of trailing annual gross revenue, which for several larger businesses is quite a large sum. The strict penalties are part of the reason the GDPR has garnered so much attention. Although the GDPR was set into motion by the European Union and offers protection to all citizens of the European Union, the policy affects a much larger range of individuals. For example, organizations or individuals, including schools and universities, that deal with EU citizen data are expected to follow the rules and regulations set by the GDPR. In addition, it is important to understand the standards set by the GDPR, as it is setting a precedent for other data regulation policies to come and will likely have a large impact on the handling, processing, and sharing of data.