The General Data Protection Regulation (or GDPR for short) is a law that was approved by the European Union in April 2016 and went into effect on May 25, 2018. It replaced an earlier law, the Data Protection Directive, and was set up to regulate the way companies process and use the personal data they collect from consumers online. It also has rules in the way that information is moved, whether that's partly or entirely through automated means.