A regulation in EU law on data protection and privacy.

The General Data Protection Regulation (GDPR) is the EU regulation that governs how personal data is collected, used, stored, and shared. It creates a single, harmonized framework across member states, applying to any organization that processes the data of EU residents, even if the organization is outside the EU. GDPR establishes individuals’ rights (such as access, deletion, and data portability), requires a lawful basis for processing, mandates breach notification within 72 hours, and can carry substantial penalties for non-compliance. The other options describe broad ideas or specific practices, not a regulation: privacy is a general concept, cookie consent is one mechanism used under GDPR, and location tracking is a type of data processing—none of which by themselves are EU data protection regulations.