The Fundamentals of GDPR and Data Protection
One aim of the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, was to harmonize data protection laws across Europe — so its legal form is a regulation (an order that must be executed) as opposed to a directive (a result to achieve, though the means to achieve aren’t dictated).
The GDPR is the successor to the European Union’s Data Protection Directive 1995 (Directive 95/46/EC). Unlike a directive, when the European Union (EU) enacts a regulation, it becomes national legislation in each EU member state, with member states having no opportunity to change it via national legislation.