General Data Protection Regulation, GDPR introduced the key principles of data privacy by design and default, handing power back to the consumer. GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. These measures include understanding what personal data a business handles and where this data resides; performing risk assessments to assess exposure to accidental or unlawful loss of this data; implementing various technical and procedural controls to protect personal data; and for some businesses appointing a data protection officer charged with overseeing GDPR compliance. Enforcement began 25 May 2018 establishing strict breach disclosure requirements which will impose fines for non-compliance.