The General Data Protection Regulation (GDPR) will give EU citizens a much greater say over how their personal data is used. Expect the rest of the world to follow suit.

In the last two weeks of May, your mailbox was full of incoming messages from companies in what seemed like a spam storm with the letters ‘GDPR’ in the subject lines.

Looking closely at these email senders, you realized they were from companies you’ve either dealt with in the past, mailing lists you’ve subscribed to at some point in time or just senders who have been communicating with you for years and you can’t remember how on earth they got hold of your email.

The reason for these emails is the new data privacy law that has gone into effect in Europe on May 25 called the General Data Protection Regulation, or GDPR for short. It gives users much more control over their personal data, forcing companies to apply strict standards regarding how such data is collected, processed and stored. All these companies were contacting you to ask for your confirmation that they are allowed to communicate with you and retain your personal information.

GDPR is the biggest change in data privacy regulation since the Internet began and non-adherence carries heavy fines. No wonder it has marketers running scared.

The legislation was passed in April 2016 by the European Parliament, to be brought into effect two years later. It did not take the lines of Facebook or Google by surprise as they’ve been preparing for it, changing their privacy settings and reportedly moving data storage of non-EU users out of Europe. Still, they were immediately sued by a non-profit organization, called NOYB, for their use of “forced consent” by completely blocking use of their services if users decline to accept all data processing consents.

How tough are these regulations on website publishers? Well the day GDPR went into effect, dozens of American news sites decided to block their services entirely rather than adhere to the new regulations. Some companies ceased European operations entirely citing GDPR as the reason. It makes you wonder what these companies have been doing with the data of Europeans.

GDPR presents particularly unique challenges for the advertising industry, as campaign tracking services have to adapt their methods of tracking conversions (when a user clicks an advertisement then converts into a customer) to only store part of the information. Currently, all kinds of data are collected automatically such as the user’s device, location, behavior and more. Marketers require this information to measure Return on Investment (ROI) of money spent on advertising.

In the lead up to the GDPR deadline, sales volume of online behavioral advertising placements in Europe fell by 40 percent. This is part of the bigger issue of third party data held by different vendors in the marketing ecosystem, whether CRM companies, email service providers, advertising networks or others. Extensive studies already exist on how GDPR impacts digital marketing. If you’re in that field and run campaigns targeting Europe, you must take this all on board.

For now, various specialists are evaluating the impact of GDPR as it happens, day in, day out. For example, Artificial Intelligence specialists claim that collecting user data is part of the intelligence learning process and regulations like GDPR slow that evolution.

In addition, there are concerns that while the aim is to protect user freedom by protecting privacy, the actual implementation of GDPR is obstructing user freedoms in Europe due to the inaccessibility of non-compliant global services and websites.

Implementing the GDPR policies requires a real transformation in the way online business is conducted. European lawmakers have gone into so many details, even as far as requiring that previously lengthy user license agreements must now be shorter and written in plain language that is easy to understand. Non-compliance to this means users can complain, and companies can be fined.

Whether companies like it or not, GDPR points to the future of all privacy data to be adopted by governments across the globe. Sooner or later, other regions of the world will adopt these strict data standards and we will all have to cope with the upheaval. Here, in the wildly unregulated data landscape of the Middle East, it’s better to start some data housekeeping now, beginning with a shift towards permission-only marketing and data safety measures.