The GDPR (General Data Protection Regulation) is a comprehensive data protection regulation of the European Union that came into force in May 2018. It sets out requirements and guidelines for the protection of EU citizens' personal data and gives them more control over their data. For websites, the GDPR means that they must ensure transparency and security with regard to the processing of personal data. They must provide clear privacy policies to obtain users' consent to the use of their data and take appropriate technical and organisational measures to ensure data security. Failure to comply with the GDPR can lead to significant fines and sanctions.