Effective from 25 May 2018, the General Data Protection Regulation (GDPR) imposed by the European Union (EU) is undeniably daunting and part of it is deliberately vague for online businesses to comply with. Generally speaking, the legislation empowers web users from the EU to opt out of having their data collected by websites or service providers, with hefty penalties for non-compliance.