The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR was designed to protect individuals and their personal information, and to ensure organizations that collect that information do so responsibly. According to GDPR, personal data should also be maintained securely, this means protecting them from unauthorized or unlawful processing, as well as against accidental loss, destruction or damage. The consequences for violating GDPR provisions are severe - up to the greater of 4% of worldwide revenue or €20 million.
