Enforcement of the General Data Protection Regulation (GDPR) began on May 25. The GDPR is a set of European Union data protection and privacy regulations that apply to American e-commerce with European customers, and that designate European individuals as legal owners of their personal data. GDPR requires specific procedures for processing the personally identifiable information of individuals inside the European Union, and applies to all enterprises, regardless of location, that are doing business with Europeans. Consequently, GDPR compliance best practices have necessitated technological changes by American internet goods and services providers.

The GDPR is a regulation, not a European Union directive. Thus, it does not require national governments to pass any enabling legislation to be enforceable. The legal changes require those internet companies that participate in the European Economic Area to store personal data using pseudo-names or making all data anonymous.