Itʹs official. The General Data Protection Regulation (GDPR) has started to apply directly in all member states with the aim of safeguarding the processing of personal data of all natural persons within the European Union. The Regulation is seen as the most comprehensive ‘upgrade’ of data protection rules over the last two decades as it repeals Directive 95/46/EC enacted in the distant 1995. GDPR standardises and strengthens citizensʹ rights when it comes to collecting and processing personal data while also empowering national data protection authorities to supervise this new ambitious framework, by enhancing their responsibilities and ensuring the possibility of heavy fines at their disposal. European and global businesses (big and small) had two years to adapt to the new onerous requirements which demanded administrative, technical and even strategic changes in the way they operate. The following In Brief aims to highlight the essence of the Regulationʹs 99 Articles and analyse the potential impact of GDPR on both users and business.