The General Data Protection Regulation (GDPR) is a set of regulations introduced by the European Union in 2018 to protect the privacy and personal data of its citizens. It applies to any organization, regardless of its location, that processes the data of individuals residing in the EU. The regulation includes provisions for obtaining consent, the right to access and erasure, data portability, and mandatory reporting of data breaches.