The European Union’s General Data Protection Regulation (GDPR) is a new set of rules developed to give residents of the EU more control over personal information. GDPR extends the reach of the 1995 EU Data Protection Directive to further protect citizens’ rights to personal data protection and implement stricter policies for the organizations collecting and storing data.

The GDPR was ratified in 2016 and will be enforced starting on May 25, 2018. Once enforced, this legislation will shift the burden of responsibility from consumers granting access to personal data, to the entities collecting, processing and controlling personal data.