The General Data Protection Regulation or GDPR is a legal framework providing guidelines for the collection and processing of personal information from individuals living in the European Union. It applies regardless of where websites are based. It must be observed by all sites that attract visitors from the region. This is the case even if they do not actually sell goods and services to EU residents.