GDPR
The General Data Protection Regulation, implemented in 2018, is an EU law requiring companies to protect, transparently manage, and be accountable for EU citizens' personal data. It applies not only to EU companies but also to any organization processing such data, regardless of location.