The Internet has revolutionized several sectors of the economy. And with its rise it has become indispensable for carrying out daily functions without problems. The prevailing times are often referred to as the "data age", which often leads to the separation of personal data when using various Internet services. With the exponential increase in users, incidents of identity theft, unauthorized access and other similar violations have increased. Privacy concerns exist wherever personally identifiable information or other sensitive information is collected, stored, used, and ultimately destroyed or erased digitally or otherwise. The challenge of data privacy is to use data and at the same time protect individuals' privacy preferences and their personally identifiable information. Say no to plagiarism. Get a tailor-made essay on "Why Violent Video Games Shouldn't Be Banned"? Get an original essay The right to privacy is a highly developed area of ​​law in Europe and all member states of the European Union are also signatories to the European Convention on Human Rights. An important part of European privacy and human rights legislation is the Data Protection Directive. This is a European Union directive adopted in 1995 that regulates the processing of personal data within the European Union. The General Data Protection Regulation (GDPR), adopted in April 2016, will replace the Data Protection Directive and will be applicable from May 2018. GDPR is a regulation by which the European Parliament, the Council of the European Union and the Commission European Union intend to strengthen and unify data protection legislation for all individuals within the European Union. It will also look at the export of personal data outside the EU. The GDPR primarily aims to give citizens and residents back control over their personal data and to simplify the regulatory environment for international businesses by unifying regulation within the EU. It does not require national governments to pass any enabling legislation and is therefore directly binding and enforceable, unlike the current directive which requires the passing of laws. The GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents. It also brings a new set of digital rights for EU citizens in an era where the economic value of personal data is increasing in the digital economy. The GDPR is the most significant piece of European privacy legislation of the last twenty years that seeks to unify data protection. read across Europe. Under this regime companies must keep a comprehensive record of how and when an individual gives consent to the storage and use of their personal data. When someone withdraws consent at any time, their data must be permanently deleted and not simply deleted from a mailing list. The GDPR gives people the right to be forgotten. Privacy by Design and Default is the cornerstone of the GDPR. Privacy by design is a fundamental component in the design and maintenance of each organization's information systems and operating methods. This dictates that, from the initial stages onwards, the organization must consider the impact that data processing may have on an individual's privacy. This means that any new business process or product that could involve personal data or impact an individual's privacy must be designed in accordance with data protection requirements. Article 25 of the GDPR codifies the concept of privacy by design. Based on, 34(2), 308-328.