# Policy Papers & Briefings ## GDPR The European Union’s General Data Protection Regulation ([GDPR](https://gdpr-info.eu/)) is a law on [data protection and privacy](https://ec.europa.eu/info/law/law-topic/data-protection_en) that applies to all individuals within the EU and the European Economic Area (EEA), including both citizens and residents. It aims to simplify the regulatory environment for international business by unifying the regulation within the EU. Passed in 2016, GDPR went into effect on 25 May 2018, and brought with it a host of new measures that empower citizens and residents with control over their personal data, and it also addresses the export of personal data outside the EU. GDPR has set a standard internationally for the kinds of protections and rights it enables for citizens, and mandates that private sector companies and other entities operating within the EU provide data protection services, even if their headquarters are outside of the EU (referred to as extraterritorial applicability). If an organization or company fails to comply with GDPR rules, they can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). GDPR [codifies](https://www.eugdpr.org/the-regulation.html) certain policies and privacy standards into law, such as but not limited to: * The need for clear consent and easily accessible terms and conditions. * Notification of privacy breaches or when data has been compromised. * The right of consumers (data subjects) to access and download their personal data, free of charge. * The right to data erasure (also known as the right to be forgotten). * Data portability, which is the right for a consumer to freely transfer their data from one service to another without penalty. * The right to privacy by design, which refers to creating and designing services handling personal data that incorporate privacy principles and provide safeguards to protect data. Additional resources: * Two Years Under the EU GDPR: An Implementation Progress Report ([Access Now](https://www.accessnow.org/cms/assets/uploads/2020/05/Two-Years-Under-GDPR.pdf)) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://policy-advocacy.gfmd.info/resources/internet-governance/data-protection-and-privacy/policy-papers-and-briefings.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.