The General Data Protection Regulation (GDPR) is an extensive law that went into effect in the European Union as of May 25, 2018. It is a replacement for the Data Protection Directive which set minimum standards for data processing, with updated and additional laws surrounding the protection of consumers’ personal data. Taking a “consumer-first” approach, the new laws give individuals more rights and control over their own data. It impacts any business, whether a part of the EU or not, that handles EU citizens’ personal information. At a high level, the laws require businesses to be transparent about what data they are collecting from their customers and how they plan to use it, as well as ensuring accuracy of this information moving forward.