The General Data Protection Regulation (GDPR) is a set of laws passed by the European Union (EU) designed to protect the privacy and security of personal data related to citizens of EU countries. GDPR applies to all organizations who process personal data of EU citizens or residents, even organizations that are not based in the EU, and can bring significant fines for organizations who are found to violate the laws. GDPR sets out rules for lawful processing of personal data, including collection, use, storage, and disclosure. GDPR also grants individual citizens rights to access, update, transfer, and erase their personal data.