A regulation – also known as Regulation (EU) 2016/679 in official contexts – spearheaded by the three legislative European Union institutions: the European Parliament, European Commission, and Council of the European Union.
It replaced the Data-Protection Directive (Directive 95/46/EC) when it came into force on May 25, 2018.
The goal of the GDPR is to return control to data subjects (citizens) in the union over their data and make the regulatory environment simpler for international business.