After four years of intense debate, scrutiny and political posturing, one of the most sweeping reforms to European data protection laws is here in the form of the General Data Protection Regulation (GDPR). But its reach goes well beyond the borders of the member states it will be felt globally. All organizations use personal data, be they public or private, global finance or fashion retailer, and any entity that stores or processes the personal data of an EU citizen will be obliged to conform to the new law, regardless of where they reside. No other ruling comes close to the scale of the GDPR.