The European Union's General Data Protection Regulation (GDPR) is a comprehensive legal framework designed to protect individuals' personal data. Enforced since May 2018, it establishes guidelines for how organizations collect, store, and process personal information. GDPR aims to give individuals greater control over their data and ensure transparency in data handling practices. Under GDPR, individuals have rights such as accessing their data, requesting corrections, and demanding deletion. Organizations that fail to comply with these regulations may face significant fines. The regulation applies to all businesses operating within the EU and those outside the EU that handle data of EU residents.