The General Data Protection Regulation (GDPR) sets new standards for how companies in the EU and abroad handle personal data from EU citizens. It gives EU citizens more control over their personal data and requires companies to obtain explicit consent when collecting personal data. Failure to comply with GDPR can result in large fines of up to 20 million euros or 4% of annual global revenue. While aimed at protecting EU citizens, GDPR has global implications and applies to any company that handles personal data from EU individuals.