On May 25, 2018, the European General Data Protection Regulation (GDPR) that has been in the pipeline for a couple of years now goes into effect across European Union EU and European Economic Areas EEA. This has replaced the old privacy laws of 1995. It is a much tougher regime now, not least because companies must adhere to a new framework that creates consistent and reliable data protection rules across the EU and EEA. All businesses that process the personal data of individuals in the EU and EEA must comply with the GDPR or risk strict penalties and fines. The regulators will be able to impose hefty fines on organizations that misuse customers/citizens personal information.