GDPR: abbreviation for EU General Data Protection Regulation (Regulation 2016/679), EU law which comes into force on 25 May 2018 as a replacement for existing EU privacy and data protection law (including, in the UK, the Data Protection Act 1998). It is designed to strengthen individuals’ rights over their personal data and creates much higher penalties for non-compliance than the regime it replaces.