[idoh]

Sounds true to me. May 25 is the start date, and the penalties for noncompliance are insane.

[nsbq71]

I thought it worked retroactively too.

[idoh]

It is possible that there is some other rule in place for that, but the GDPR isn't retroactive as far as I remember.

[lixtra]

GDPR is already active. It's just the punishment section that is not yet active. On May 25th, if a company has (still) data about you, they have to comply or (now) face the consequences.

[idoh]

That's a really pedantic interpretation :) It has been adopted and published, but enforcement starts May 25. Because nothing can actually happen until May 25, I think that is a more reasonable date to say that it is "active".