The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation which aims to give EU citizens back control and transparency over their personal data, how it is used, by whom and for what purpose. As of the 25th of May 2018 when the GDPR came into effect, businesses who do not comply, risk significant fines of up to €20m or 4% of global annual turnover, whichever is greater. Under the GDPR, personal data must be processed lawfully, fairly and in a transparent manner.