The European Union’s General Data Protection Regulation (GDPR) goes into effect May 25, 2018. Companies have been preparing for it for a while, but if you’re still in the dark, it’s not too late to get up to speed.

Here are five things to know about the EU’s GDPR:

1. It’s about data privacy

The GDPR attempts to give EU citizens more control over what data companies collect, store, and use.

2. It probably applies to your business

GDPR applies to every citizen of the EU and any business entity that transacts with them. Sell a t-shirt to a Frenchman? You need to deal with the GDPR.

3. It’s pretty much any kind of data

Anything related to a person that can be used directly, or indirectly, to identify them is now regulated.

4. You have to get explicit permission to process personal data and your request must be in clear language

You can’t use long legal documents or hide things in a privacy policy. And it has to be as easy to withdraw consent as it was to give it.

5. Penalties are big

If an enterprise violates the practices of the GDPR, it can be fined up to 4% of the company’s global turnover or 20 million Euros, whichever is greater.

Those are the big things, but there are loads of other considerations, like the right to be forgotten, data portability, and more. Hopefully these help you wrap your head around the issue.

When you’re ready for more, TechRepublic has a comprehensive guide to the topic: EU General Data Protection Regulation (GDPR): A cheat sheet.
