The GDPR will have a significant impact on travel and marketing industries beginning May 2018. It establishes much stricter rules around personal data processing and privacy. Non-compliance can result in fines up to 4% of annual global turnover or 20 million euros. Key changes include strengthened data subject rights, accountability requirements for all data processing, security obligations, and mandatory breach reporting. Companies need to audit all data practices and subcontractors to ensure compliance. Preparation may take 1-10 months depending on company size and complexity.