On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) goes into effect, imposing a drastic transformation on EU privacy laws. The GDPR places a number of new requirements on companies related to reporting data breaches, how companies store, protect and transfer personal data and gives additional rights to people who have shared personal data with companies. The GDPR was originally adopted by EU member states in May 2016. However, the EU gave companies two years to prepare for the requirements under the GDPR. While the GDPR is a complex and comprehensive law, companies should be aware of the following three key provisions. More.