Effective May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) imposes sweeping new requirements for many website operators that collect and process information about individuals living in the European Economic Area (EEA). U.S. companies with e-commerce and other web activities reaching persons living in the EEA need to understand GDPR, since penalties for violations can reach the greater of four percent of global revenue or EUR 20 million.