The General Data Protection Regulation (GDPR) is a law in the European Union which requires leaders to have a complete understanding of what personal data is and how it’s handled by their company. Safeguarding people’s data privacy rights and protecting sensitive information means properly obtaining consent and following best practices for compliance.