What is GDPR (General Data Protection Regulation)?

The General Data Protection Regulation (GDPR) is a privacy law from the European Union (EU). It controls how organizations collect, use, and protect the personal data of EU residents, even if the organization is outside the EU. In identity management, GDPR requires platforms to respect user rights such as consent, access, deletion (right to be forgotten), and data portability. It also demands secure storage and minimal use of personal data.