Which of the following best describes the purpose of GDPR?

The General Data Protection Regulation (GDPR) aims to regulate the collection and processing of personal data to enhance individuals' privacy rights and protect their personal information within the European Union (EU) and the European Economic Area (EEA). It empowers individuals to have greater control over their personal data, including how it is collected, used, and shared by organizations.

This regulation mandates that organizations obtain explicit consent from individuals before collecting their data and requires transparency regarding how the data will be used. It also establishes guidelines for data protection and imposes significant penalties for non-compliance, demonstrating a strong commitment to safeguarding personal information.

In contrast, the other choices do not accurately capture the essence of GDPR. While protecting employees' workplace data, enhancing profitability for data management companies, and standardizing health information are important topics in their own right, they either fall outside the primary scope of GDPR or do not reflect its foundational purpose. GDPR's focus is specifically on personal data protection and the rights of individuals, making it a crucial regulatory framework in the digital age.