GDPR was created for companies and organizations to question their data collection and storage practices. Since the launch of GDPR in May 2018, we have seen the predicted outcomes as well as unexpected consequences, both positive and negative. EU citizens have never had this much control over their digital data. With GDPR, they have the right to know how their data is being used and they can control what data they give to organizations. Data must now be handled fairly between both parties, only being used in ways that users have permitted. But is it? The question remains – has GDPR revolutionized data protection? We investigate the impact below to understand its effects on organisations and users.