In May 2016, the European Union (EU) adopted a newly harmonized data protection law called the General Data Protection Regulation (GDPR). As of May 25, 2018, the GDPR will be in force throughout all EU member states and in the European Economic Area. Any organization that collects or processes
personal data of an individual within the Union is subject to this regulation, regardless of the organization’s location. While the GDPR does not introduce many substantially new concepts, it
substantially increases the compliance requirements of data controllers and processors regarding their handling of personal data.