GDPR, or General Data Protection Regulation, refers to the regulations in EU and UK law that protects individual personal data. GDPR requires organizations to:
Have a system in place to protect personal data.
Have a system to minimize the use and storage of personal data.
Give individuals the right to their personal data.
Give individuals the right to have their personal data deleted or erased.
General Data Protection Regulation is a Regulation in EU law on data protection and privacy in the EU and the European Economic Area. Any organization in the EU or UK or dealing with people in the EU or UK is expected to be compliant with GDPR regulation.