What does it do?

Regulates how personal data can be processed by private businesses, state administration and other organisations. (“Processing” includes anything related to the collection, aggregation, mining or sharing of data.)

The GDPR also regulates that personal data should be stored and processed securely.