The General Data Protection Regulation (GDPR) regulates how personal data is collected and stored by organizations. It provides individuals several rights around their personal data, including rights to access, rectify, erase, and port their data. GDPR applies to any organization that does business in or markets to individuals in the EU. It requires organizations to obtain informed consent to collect personal data, securely store data, notify authorities of data breaches, and could result in fines of up to 4% of global annual turnover for noncompliance. GDPR goes into effect on May 25, 2018 for all EU member states.