![[article image]](https://cacm.acm.org/system/assets/0003/4296/032019_CACMpg38_New-E-Data-Privacy.large.jpg?1552943723&1552943723 "flag with GDPR initials in circle of stars")
This has been a momentous year for data protection and information security regulation in Europe, with two landmark pieces of legislation taking effect. Together they represent a major shift in the European industry's approach to privacy and security compliance.
The long-awaited General Data Protection Regulation (GDPR) came into force in the European Union (EU) on May 25, 2018, attracting a huge amount of attention and prompting a flurry of email messages to customers on historic marketing lists.