25 MAY 2018.

Some organizations celebrated with cakes. Some organizations (quite a few, according to some estimates) have punted. And some organizations are biting their nails anticipating a flood of requests from customers who want to see—and possibly delete—their data.

The General Data Protection Regulation (GDPR), which went into effect at the end of May, 2018, is a complex regulation, designed to shift how we think about data protection. Broad in scope, the regulation expands what counts as personal data and grants new rights to individual data subjects. And the regulation applies to any organization, in or out of the EU, processing data on EU data subjects.