If you haven’t heard about GDPR, you might want to hold on. Those four letters are about to upset every industry that uses data in, near or around Europe.
The GDPR, which stands for the General Data Protection Regulation, is a European Union regulation that gives people a say over how their data is used and heavily penalizes companies that fail to comply. And we mean HEAVILY. Failure to comply can cost a company up to €20 million, or 4% of their worldwide annual revenue, whichever is higher. Some things that can get a company fined are failing to disclose a data breach or failing to remove someone’s data, i.e., the “right to be forgotten.”
Here’s the tricky part. Does the EU say this law applies to European citizens even when they’re outside of the EU, such as, say… a British expat in Dubai? How about an Italian flying to America? Or, how about a German’s personal data sitting on Facebook servers?
Yes, yes and yes. OK, there are loopholes and sure, there will be exemptions, but the implications are clear. Any business that holds Europeans’ personal data and does business in the EU had better get in compliance.
By Friday. Did we fail to mention that? Yes, this major, landscape-shifting regulation goes into effect on Friday, which means if you’re just hearing about it now, you have some catching up to do.
If you think this sounds complicated, we haven’t even begun to scratch the surface. We bring Eamon Holley, a lawyer for DLA Piper who specializes in legal compliance, on the show to help explain what this complex regulation means for data-driven businesses everywhere.