In a world where all information travels over the internet, the use of personal data is constantly increasing and is often exploited by companies and online platforms. In fact, people often find themselves targeted by unwelcome messages and phone calls after they have carelessly entered sensitive information on certain websites. The problem of privacy is quite serious, just think of the scandal that involved the digital marketing company Cambridge Analytica and the social network Facebook a few months ago. In that case, a Facebook application, to which users gave permission to access and use a series of sensitive data, also took sensitive data from friends of the user in question, who were unaware that this was happening.On 25 May, the General Data Protection Regulation (GDPR) came into force in all European Union countries. In a nutshell, the new regulation allows citizens to have greater control over the way in which companies, public bodies and individuals use sensitive data from users. Sensitive data includes not only strictly personal data, but also information on religious orientation, race, political orientation and health. The new regulation has imposed clearer rules on information and consent and, at the same time, greater rigour in transferring data outside the European Union. European citizens can therefore learn about sensitive information held by any company or public body and also decide to delete it without any restrictions. To further protect users, the legislation has included strong sanctions in case these conditions are not respected, especially if children under 16 years of age are involved.