Businesses, large and small, are in the midst of preparing for compliance with the European Union’s (EU) new data privacy laws: The General Data Protection Regulation, or the GDPR, which will go into effect on May 25, 2018. The GDPR is very broad in scope and can apply to businesses both in and outside of the EU. Businesses that don’t comply with the GDPR could face heavy fines. GDPR defines personal data as “any information relating to an identified or identifiable natural person.” In addition to the kinds of information you might think about – name, address, email address, financial information, contact information, identification numbers, etc., personal data can also include information related to your digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers. It also could mean information about a person, including their physical, mental, social, economic or cultural identities. Therefore, if information can be traced back to or related in some way to an identifiable person, it is highly likely to be considered “personal data” under the GDPR.