The General Data Protection Regulation (GDPR) is a set of general regulations of data protection within the EU. GDPR applies to personal data, i.e. data used to identify natural persons, and data processing requires a suitable legal basis (e.g. special categories of personal data may be processed only with the consent of the data subject). The purpose of GDPR is to prevent the misuse, collection and disclosure of personal data to the detriment of the given person. Personal data protection is one of the fundamental human rights. Violation of the Regulation is punishable by a fine and fines can be in the millions of euros. The Regulation applies to all institutions and entities that use (i.e. process) personal data as part of the performance of their work.