GDPR -- also known as the General Data Protection Regulation -- is an extensive data privacy and security law that was put into effect by the European Union on May 25, 2018. While it was created by the European Union and applies to users in the European Union, any company that provides digital goods and services to users in the EU must comply with it or face serious fines and penalties.
GDPR is quite extensive and contains rules on such topics as Data protection principles, Accountability, Data security, Data protection by design and by default, Data processing, Data consent, and Individual privacy rights. However, one of the most common ways that the average person interacts with GDPR is through cookie consent banners.
Any individual or company that is providing digital products or services to users in the European Union must comply with the GDPR, even if the individual or company providing the products or services is not itself within the European Union. It was a common misconception that only EU companies must implement this, but in fact it is a requirement for any company that wishes to do business in the EU.