The GDPR (General Data Protection Regulation) provides better data protection rights for EU citizens and updates rules for businesses. It replaces the 1995 EU directive on data protection and aims to stimulate economic growth while guaranteeing privacy rights. Under GDPR, companies must protect individuals' rights to their personal data through measures like obtaining consent, allowing access and portability, handling profiling and marketing appropriately, safeguarding sensitive data, and having rules for international data transfers.