A comprehensive data protection and privacy regulation enacted by the European Union in 2018. It governs how organizations collect, process, store, and transfer personal data of EU residents. Key requirements include obtaining explicit consent, data minimization, the right to access, the right to erasure ('right to be forgotten'), data portability, and mandatory breach notification within 72 hours.