On May 25th, the European Union implemented a General Data Protection Act, better known as GDPR, to tighten controls on what companies can or cannot do with users’ data. This revision is much needed, as many of the laws were previously written before smartphones came along and took data harnessing to a massive new level. It means that companies like Facebook and Google now have to be more transparent with users on where their personal data gets sent, having users to “opt-in” when sharing data online. They will also have to use fewer jargon when explaining data policies and minimise the number of pre-ticked boxes when getting users’ consent. There is also a new focus on protecting other personal information, such as sexual orientation and political leanings. Failure to adhere to these rules will also mean severe fines, so companies really need to think twice about non-compliance. Hopefully, this will make the internet a lot less of a scary place, especially following the Cambridge Analytica scare earlier this year.