The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that governs how personal data is collected, processed, and stored, ensuring individuals' privacy rights. It imposes strict requirements on organizations, with significant penalties for non-compliance, and grants individuals enhanced rights over their personal data, such as the right to access, rectify, and erase their information.