The EU General Data Protection Regulation (GDPR) entered into force on 24 May 2016, and will become directly applicable in all EU member states from 25 May 2018. This two-year period is intended to allow businesses and regulators to prepare for the most significant change in EU data protection law since the enactment of the EU Data Protection Directive (Directive 95/46/EC) in 1995. The GDPR replaces the existing Directive and establishes a single set of rules throughout the EU, although EU member state data protection laws may complement these rules in certain areas. The EU data protection authorities (DPAs) gathered in the Article 29 Working Party (WP29) will publish a number of guidelines on how to interpret and implement the new legal framework. This will help businesses ensure that their existing data protection practices comply with the GDPR by May 2018.