GDPR will apply to all members of the EU and EEA from May 25, 2018. It will replace todays legislation regarding privacy in member countries currently subject to the EU Directive 95/46. You find many of the statutes in the GDPR in the current legislation, but the GDPR is more detailed and precise in certain areas, and takes into account the challenges in the rapid evolving digital world, giving rise to privacy risks for data subjects. GDPR is first of all demanding due to its detailed transparency requirements. Any company as well as other bodies that process personal data, is also to a large extent required to document the processing, ensure the lawfulness of processing, document the existence of sufficient procedures, provide information on security measures and to ensure that sufficient data processing agreements are in place. GDPR is important because it improves the protection of european data subjects’ rights and clarifies what companies that process personal data must do to safeguard these rights.