What Legal Framework Does the EU Use for Data Protection?

The European Union uses the General Data Protection Regulation (GDPR) as its legal framework for data protection. The GDPR is recognised as the toughest privacy and security law globally. Although it was drafted and passed by the EU, organisations worldwide must comply with it if they target or collect data related to people in the EU. The regulation came into effect on 25th May 2018, and enforces stringent privacy and security standards, with penalties for violations reaching up to tens of millions of euros.