What does the General Data Protection Regulation (GDPR) impose?

The General Data Protection Regulation (GDPR) imposes specific obligations on entities that process personal data of EU residents, making this the correct answer. The regulation is designed to protect the privacy and personal data of individuals within the European Union and the European Economic Area. It establishes guidelines for the collection and processing of personal information, ensuring that entities handle such data responsibly and transparently.

Under GDPR, organizations that collect or process personal data must obtain explicit consent from individuals, provide clear information about the use of their data, and ensure the rights of individuals to access, rectify, and delete their information. The regulation emphasizes the accountability of the data processors and controllers, imposing strict requirements on them to safeguard personal data and avoid breaches.

This comprehensive framework not only protects the data of EU residents but also impacts entities worldwide, which must comply with its regulations if they engage with such data. The other options do not accurately encapsulate the broad scope of GDPR or focus specifically on the obligations tied to personal data processing, making them less aligned with the core principle of this regulation.