General Data Protection Regulation (GDPR) is a law issued by European Union and that must be followed by services provided to European Union countries.
Because internet services tend to be global, in the end it must be accomplished by most electronic services around the globe.
GDPR requires that a Data Protection Impact Assessment (DPIA) is completed.
There may be specific regulation within each EU states members. For example, Spain has the General Regulation for Data Protection (in Spanish, Reglamento General de Protección de Datos, whose acronym is RGPD).