GDPR stands for General Data Protection Regulation. It is the updated legal framework in the EU for the collection and management of data, which came into effect in May 2018.
These regulations cover data both online and offline for all EU citizens regardless of where the business they are dealing with is situated.
For online data collection, the basic idea is:
- don’t collect people’s personal data unless they give you explicit permission
- don’t collect data unless you need it
- don’t keep data unless you need it
- don’t share data unless you are explicitly allowed to
- keep any data you have collected as safe as possible
GDPR obviously has a lot more to it than this, however, these are the general ideas. You can find out more about the regulation here.