The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Superseding the Data Protection Directive, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data's owner. The data owner has the right to revoke this permission at any time (for more information visit the link, https://en.wikipedia.org/wiki/General_Data_Protection_Regulation).
Many organizations across the EU can provide helpful information about consumer rights. If you have a consumer problem related to a purchase of goods or services from a trader based in another EU country, you can seek advice from your European Consumer Centre (ECC) free of charge (for more information visit the link, https://ec.europa.eu/consumers/odr/main/?event=main.home2.show).