What is the GDPR?
The General Data Protection Regulation (Regulation (EU) 2016/679), almost always called just "the GDPR", is the European Union law that governs how organizations collect, use, store and share the personal data of people in Europe. It has applied directly across the EU and EEA since 25 May 2018, and it replaced a patchwork of older national data protection laws with a single, common rulebook.
The first thing to be clear about is that the GDPR is a law, not a standard you certify against. There is no general "GDPR certified" stamp you can put on your website. The regulation does allow for approved certification mechanisms in specific areas, but there is no universal certificate that says an organization "is GDPR compliant". Instead, compliance is something you demonstrate, continuously, through accountability: being able to show, on demand, that you handle personal data the way the law requires.
Personal data is defined broadly: any information relating to an identified or identifiable person — a name, an email address, an IP address, a customer ID, a location. If your systems touch information about real people in Europe, the GDPR almost certainly has something to say about how you do it.
Compliance vs certification
This trips teams up constantly, so it is worth being precise. With a framework like ISO 27001 you work toward a certificate issued by an accredited body. With the GDPR there is no such badge to earn — you are simply expected to comply, and to be able to prove it if a supervisory authority or a customer asks. That is why GDPR work is less about passing an audit on a given date and more about keeping a living set of records that show you are doing the right thing day to day.