{The General Data Protection Regulation (\acro{GDPR}) in the European Union} {Doris Behrendt} {On 25 May 2018 the \acro{GDPR} was applied in the \acro{EU}. In my position as treasurer of the German \TeX\ user group \acro{DANTE} e.V. I studied this regulation from the \acro{DANTE} perspective and will talk about some aspects of this regulation, which are concerning us. As some of you probably know, a lot of Europeans\Dash including myself\Dash are somewhat delicate about data processing and privacy. While the industry complains about the \acro{GDPR} being a monster of bureaucracy, there are also some quite interesting legal bearings that come with it, e.g. it will also apply ``to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to \dots\ the offering of \dots\ services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union \dots''. This should be interesting especially to companies that are not based in the \acro{EU} but are handling data of \acro{EU} citizens, and by \acro{GDPR} Article 83~(5) not complying could become expensive: ``{Infringements \dots\ shall \dots\ be subject to administrative fines up to 20,000,000 \acro{EUR}, or in the case of an undertaking, up to 4\% of the total worldwide annual turnover of the preceding financial year, whichever is higher \dots}''. You can imagine that this could become very interesting when the next Facebook or similar data scandal comes up. }