In May 2018, the European Union's General Data Protection Regulation (GDPR) will go into effect and will fundamentally change how advertisers and consumers interact in the online environment. When effective, the regulation will significantly increase current restrictions on advertiser access to personal consumer information, will require additional data management procedures and will mandate new advertising disclosure requirements. In many respects, the efforts required to comply will resemble the same kinds of undertakings organizations went through to comply with Sarbanes-Oxley and Dodd-Frank. Importantly, the failure to comply carries fines as high as four percent of a company's global turnover. Unfortunately, the EU has provided very little meaningful guidance on actions companies must take to become compliant.