Which description best characterizes the General Data Protection Regulation (GDPR)?

• A. A legal framework that sets guidelines for the collection and processing of personal information from individuals in the EU.
• B. A voluntary code of conduct for companies handling data.
• C. A regional data storage standard for EU member states.
• D. A consumer privacy advocacy program in the European Union.

Answer: (A)

GDPR is a binding legal framework in the European Union that sets the rules for how personal data about individuals in the EU can be collected, stored, and processed. It applies to organizations both inside the EU and outside the EU if they handle data of people in the EU, and it establishes clear obligations for data handlers along with rights for individuals, such as access, correction, deletion, and data portability. It also enforces consequences for non-compliance and requires measures like data protection by design, risk assessments for high‑risk processing, and breach notification. This isn’t a voluntary code, a regional data storage standard, or a consumer advocacy program; it’s enforceable law that governs data collection and processing.