The GDPR (General Data Protection Regulation) came into effect in May 2018 and replaced the 1995 EU DPD (Data Protection Directive). GDPR includes new provisions to increase the rights of data subjects (individuals who live in the EU) and the penalties for companies who are not compliant.
Unlike the DPD which only governs entities within the EU, the GDPR applies both to business located in the EU as well as non-EU businesses who either market to individuals in the EU or who control or process personally identifiable data of EU citizens.
The full GDPR text can be found here.
Additional resources can be found on the GDPR's website.