General Data Protection Regulation (GDPR) becomes effective May 25, 2018, introducing new legislation for data processing in European Union (EU) member countries and anywhere the personal data of EU citizens is processed. Because of this new legislation’s scope, if your business is based in the U.S. and you process personal data of EU citizens, you will be affected. GDPR provides many new personal data rights to EU citizens, including the right to erase data, the right to revoke consent, easier access to their personal data, and the right to know if their data has been compromised by a cyber-attack.