The General Data Protection Regulation (GDPR) will overhaul data protection throughout the European Union when it comes into effect May 25. A large number of Australian businesses could be affected, therefore, it is important to become familiar with significant elements of the GDPR. The GDPR is similar to certain principles under the Privacy Act 1988 (Cth) (Privacy Act), but it gives more power to individuals regarding the use of their personal information. Individuals have rights regarding data portability, the right to be forgotten, the right to restrict processing and the right not to be subject to decisions based solely on automated processing. Australian businesses who must be in compliance are those that have an establishment in the EU; offer goods or services in the EU or monitor the behavior of individuals in the EU. Those not in compliance could face hefty penalties.