Only 6% of US companies are completely prepared for the General Data Protection Regulation (or GDPR), which comes into effect in May 2018, according to research by Erwin. GDPR affects any website that has customers or users in the EU, and states that companies must only use personal data if given explicit permission from the user. They must also delete personal data if requested by the user. If a company fails to comply, then they can be fined up to €20 million or 4% of annual global turnover, whichever is higher. Erwin's research found that just 6% of US companies are completely prepared for GDPR, with 39% somewhat prepared, 27% beginning to prepare, 11% not prepared at all and 17% believing that GDPR did not apply to their business. With the May deadline rapidly approaching, it is vitally important that all companies with clients or website users from the EU are GDPR-compliant.