The General Data Protection Regulation (GDPR) [1], which will be enforceable from May 2018, introduces significant changes on the obligations of data controllers and processors in the context of the data protection legistlation of the European Union (EU). These obligations are defined by a single set of rules that should be adopted by all EU Member States including, among others, the need for explicit consent with the possibility of withdrawal and the right to erasure. The GDPR applies to data controllers (organizations) that access data of a data subject (persons) and data processors (organizations) that process data on behalf of the controller.