In 2016, the European Parliament passed sweeping legislation to provide citizens with a greater level of control over their personal data and require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Companies and organizations were given two-years to get in compliance with the new regulations or face heavy fines. May 25, 2018 is the date that GDPR goes into effect.
There are several main changes that companies must now follow. If they are not in compliance they will be fined 4% of annual global turnover or €20 Million (whichever is greater).
Due to the Right to Access provision in GDPR you can now request a copy of all the data a company has collected about you. Sometimes this has to be done in writing, while others are starting to roll out instant downloads.
Source | SJPL-US