General Data Protection Requirement of the European Union, the GDPR is the set of data protection rules across EU countries. It went into effect in May 2018, updating and standardizing privacy and data protection rules, and significantly increasing fines for violations and failures. It applies to all organizations that hold or process personal data of EU residents, regardless of organization location, thus it applies to organizations outside the EU as well as inside.