The state of privacy of individuals in the world looked bleak until 2016. Most people were subjected to the pleasures of global internet companies, who abused their positions to collect and process the personal information of their users, without their informed consent, selling it on to third parties, and not always in the best interest of the original users. This uncontrolled state of affairs is only beneficial for a few robber barons who can exploit the fact that most people are unaware of what is happening, how the proposed technology works, what the alternatives are, what their rights are, who is benefitting from it all, and who bears the long-term consequences.
To provide authorities with effective means to regulate the processing of personal information and give some of the lost rights back to people, the European Union managed to create perhaps the first effective and good legislation in this field in May 2016: the General Data Protection Regulation, or the GDPR. It gives companies two years to adapt their processing activities before the law comes into full effect in May 2018. This legislation is good for everybody except those who want to exploit the personal information of unsuspecting individuals. It provides effective means to regulate the processing of personal information, it provides and defines proper rights for individuals, and it gives companies a means to compete using privacy as a quality measurement, instead of having to compete breaking privacy. For the first time, companies have an efficient means to earn money, by providing solutions that protect the privacy of people, instead of invading it.