The European General Data Protection Regulation (“GDPR”) entered in force on May 25, 2018 (“GDPR Day”). The GDPR sets forth a new regime for the protection of personal data in the European Union (“EU”). We briefly discuss below five things that general counsel should know about the GDPR, including lessons learned since GDPR Day.