The new General Data Protection Regulation (GDPR) seeks to address the challenges of the digital age and to combat the dangers that come with an era of mass information sharing, by giving people more control over their personal data whilst making sure that personal information is protected no matter where it is sent, processed or stored (even outside the EU as may often be the case). Universally acknowledged as the most lobbied-against European legislation ever, with over 4,000 amendments to its original proposal, the GDPR in its final agreed text allows supervisory authorities to impose monetary penalties for breaches which can be up to an eye-watering 4 percent of total worldwide turnover for the previous year. The size of these potential fines reflects the seriousness of the threat posed by the dragon in the darkness on the Digital Single Market. Furthermore, it is clear that effective data protection is not a national but an international matter and that the patchwork of similar, but actually quite diverse, data protection laws in the EU need to be replaced by a single regulation – the GDPR.