The document discusses the General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It defines personal data as any information relating to an identified or identifiable natural person, including various types of data like name, location, identification number, online ID, genetic, gender, physical, ethnic, cultural, social identity, memberships, and biometric. Data can exist in different states including at rest, at work, and in motion. The GDPR requires that everyone who handles personal data, including data controllers and processors, must be able to explain what data they have, where it is stored, when it is shared, who has access to it, why it is needed, and how it is secured. Responsive