GDPR, short for General Data Protection Regulation, is a European Union law governing digital data collection, use and storage. It took effect in May 2018. GDPR is intended to protect individuals’ data privacy and requires that companies within the EU clearly explain how personal data is collected and used. EU citizens can object to their data being used for direct marketing, for example.