The General Data Protection Regulation (GDPR) is a comprehensive privacy law that has become a model for privacy and data governance legislation worldwide. Though enacted by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation came into effect on May 25, 2018. The EU governments and regulatory authorities will levy harsh fines against those who violate the GDPR’s privacy and security standards, with penalties reaching tens of millions of euros.