Source: Council of the European Union (video statements)
The GDPR has been in force since 2018 and applies to any organisation handling the personal data of people in the EU, – regardless of where the organisation is based. It sets out rules on data consent, the right to access, correct, erase and transfer your personal data, and the right to object to marketing profiling . Organisations that don’t comply can face fines of up to €20 million or 4% of their global annual turnover.