This document summarizes the key aspects of the new European Union General Data Protection Regulation (GDPR) legislation that took effect in 2016. It outlines that the GDPR establishes a common standard for data protection across the EU and replaces the previous 1995 directive. The GDPR applies to all companies that process personal data of EU citizens, regardless of the company's location. It defines personal data and establishes principles for lawful and fair processing, including obtaining consent and respecting individual rights such as access, rectification, erasure and objection. The GDPR aims to protect EU citizens' data privacy and security.