The GDPR (General Data Protection Regulation) takes effect on May 25, 2018. It is a new comprehensive data protection law in the EU which replaces the patchwork of national data protection laws currently in place in each EU member state, with a single set of directly enforceable rules throughout the EU. With the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual. It regulates the “processing,” of personal data about EU individuals, which includes the collection, storage, and transfer or use. Regardless of whether an organization has a physical presence in the EU or not, any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law. To be noted, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of...