On May 25, 2018 the General Data Protection Regulation (GDPR) goes into effect in the European Union (EU). This regulation has a broad scope beyond companies performing clinical research – all personal data falls under this jurisdiction which includes web search engines, social media, and much more. But specifically, how does this new regulation affect personal data collected during a clinical trial and what do Sponsors and Contract Research Organizations (CROs) need to do to ensure compliance? Here we aim to address the highlights of the GDPR and its implications on clinical research.