What type of regulation is GDPR?

The General Data Protection Regulation (GDPR) is classified as a European Union regulation. It was enacted by the EU to provide a unified data protection framework across all member states, establishing rules and guidelines on how personal data must be handled. This regulation aims to protect the privacy and rights of individuals within the EU and the European Economic Area, ensuring that personal data is processed transparently, securely, and with appropriate consent.

By being a regulation, it is directly applicable to all member states, meaning that it does not require national legislation to be enacted in order to be enforced. This uniformity helps prevent discrepancies in data protection laws between different countries within the EU, enhancing the protection of personal data and giving individuals greater control over their information. Moreover, while GDPR is primarily focused on the EU, it also has global implications as it applies to any organization handling the data of EU citizens, regardless of where that organization is based.