What is the AVG (GDPR) in plain language?

The AVG (Algemene Verordening Gegevensbescherming) is the EU privacy law in effect since 25 May 2018. In English it's called the GDPR — General Data Protection Regulation. It replaces the older Wet bescherming persoonsgegevens. What does it govern? What businesses, government and other organisations may and may not do with your personal data — collect, store, use, share, sell. Who does it apply to? Every EU-based organisation, plus every non-EU organisation that processes EU residents' data. So US big tech, Asian webshops and UK companies must also comply when they hold your data. Core principles? Six rules — lawfulness (must have a legal basis), purpose limitation (data only for the stated purpose), data minimisation (only what's strictly necessary), accuracy, storage limitation, integrity + confidentiality. Your rights? Eight concrete rights: access, rectification, deletion, restriction, portability, objection, no automated decision-making, and the right to lodge a complaint with the supervisory authority. Who supervises? In the Netherlands the Autoriteit Persoonsgegevens (AP). Fines can reach €20 million or 4% of global annual turnover — whichever is higher.