“The EU General Data Protection Regulation ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organisations that collect and manage your personal information must also protect it from misuse and respect certain rights.” (source)