when the new GDPR entered into force. If not else, you noticed it by receiving e-mails from all quarters, partially confirming that the sender complies with the new rules or that changed its privacy policies in line with the new rules or asking for your consent to use your data. Did those who did not write you, miss something? Did you miss something when you did not write to all people whose data you store? Well, it depends. Those who complied with the old directive (and the national laws transposing it), do not necessarily have to do something. There are, however, three changes behind for them: - instead of relying on a notification to their data protection authority, they themselves have to keep documentation demonstrating that they comply with the new regulation - there are more strict and also more precise rules when someone can ask "to be forgotten" i.e. his/her data erased - non-compliance can result in hefty fines. Some organisations may have to nominate a data