The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). From 25 May 2018 every website collecting data from EU citizens must need the GDPR requirements.