This document discusses the General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It will apply to all companies and gives individuals new rights around accessing and deleting their personal data. It also requires companies to implement privacy by design and notify authorities within 72 hours of a data breach. The document also outlines debates around whether previous policies were sufficient, concerns about spam and data breaches, and arguments that individuals will just click through privacy notices as well as whether the EU can enforce fines. However, supporters argue that the GDPR will push companies to improve security, be more transparent about what data they hold, demand more from third parties, and give individuals better control over their personal information.