"The General Data Protection Regulation (GDPR) is a European privacy law that is set to go into effect in May 2018. The GDPR replaces the Data Protection Directive that was put into place in 1995. Although it is a European law, it will impact any entity that does business in or offers services and goods to people in the European Union (EU), regardless of their location. It will also apply to any entity that collects and analyzes the data of EU residents or businesses.
The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Under GDPR, private information is defined as any information that is directly or indirectly identifiable to an individual. This includes information such as social security numbers, location data, online identifiers, pseudonymous data, and genetic or biometric data, such as fingerprints and facial recognition."