The GDPR and HIPAA regulations are prominent data protection regimes. The GDPR is a broad regime covering info about any identifiable person and applies across the European Economic Area. HIPAA is a more limited U.S.-centric regulation, focusing on protected health info (PHI) and specific healthcare entities.