Which regulation governs the processing of personal data in the European Union?

The General Data Protection Regulation (GDPR) is the primary regulation that governs the processing of personal data within the European Union. Enacted in May 2018, the GDPR establishes comprehensive guidelines for the collection, use, and storage of personal information of individuals residing in the EU and the European Economic Area (EEA). It aims to enhance individuals' control over their personal data and simplify the regulatory environment for international business by harmonizing data protection laws across countries.

Key principles of the GDPR include the requirement for explicit consent from individuals for data processing, rights to access and delete personal data, data portability, and the obligation for organizations to implement privacy by design and by default. The regulation also imposes substantial penalties for non-compliance, emphasizing the importance of data protection and privacy.

In contrast, the other options listed pertain to specific sectors or geographical regions and do not address personal data protection at the broad regulatory level applied by the GDPR within the EU.