The General Data Protection Regulation (EU GDPR) became effective on May 25, 2018. It supplements and expands the scope of data protection that was previously governed by the German Data Protection Act. The EU GDPR applies to all that are in contact with customers in any way and have to collect personal data, or have to handle data that requires special protection (e. g. healthcare data). The data protection supervision agencies are primarily responsible for the monitoring and implementation of data protection legislation. The EU GDPR has resulted in a dramatic increase of the fines imposed for data protection violations.