An abbreviation for the EU’s General Data Protection Regulation, which was the first law to enumerate the rights of “data subjects” – natural persons in the EU whose data was collected and processed by organizations. The GDPR also imposes rules on “data controllers and processors” – the organizations with other people’s personal data. The GDPR requires organizations to notify their national data protection authority within 72 hours of a breach. Each violation can be punishable by fines of up to 10 million Euros or 2% of an organization’s entire annual global turnover (revenue), whichever is higher.

Full text: General Data Protection Regulation (GDPR)