The EU's General Data Protection Regulation (GDPR) entered into force in May 2018. It is the most significant legal development in the sphere of privacy and data protection in the EU in the past 20 years. The ramifications of this new legislation are wide-ranging since they do not only affect the EU, but also every country that interacts with EU consumers. The book explains the theory and reasoning behind every major GDPR development, and connects them to how these provisions work in practice. It follows a disciplined structure in accordance with the GDPR and discusses the topical debates surrounding it in the past two years. It goes on to provide an outlook of what the future of privacy in the EU will look like.