The European General Data Protection Regulation (GDPR) is legislation intended to bring the continent up to speed with current, personal data laws.

It’s also the very annoying reason why your inbox has been spammed with privacy policy updates.

Previous data protection laws were last enacted in Europe during the 1990s and haven’t been updated since. The GDPR will change how private businesses and the public sector can use and handle personal information by their customers. It increases the rights of individuals and gives them more control over their information.

This regulation took effect today – May 25, 2018 – and caused widespread panic and fear mongering among those who work or have a presence in digital spaces.

I received numerous text messages, calls, and emails from clients and friends alike worried that they wouldn’t be in compliance with the regulation due to a lack of understanding.

The UK’s information commissioner, Elizabeth Denham, is in charge of data protection enforcement and told WIRED that she is frustrated by the amount of “scaremongering” around the potential impact for businesses.

“The GDPR is a step change for data protection,” she said. “It’s still an evolution, not a revolution.”

Now what?

There are 99 articles that explain the rights of individuals and the obligations placed on companies, organizations, and individuals covered by the regulation.

Other than allowing individuals to have access to the data companies have about them, new fines are outlined for those who don’t comply with the regulation along with a clear message that it’s the responsibility of the organization to get consent before they collect information.

For larger companies and organizations that have the resources, it meant updating their online privacy policies and terms of service with their legal team to make sure they were in compliance, then sending out the updated notice to anyone and everyone on their email list.

But for smaller companies and startups, dealing with the GDPR was probably frustrating.

Helen Dixon, the data protection commissioner for Ireland says the new regulation was needed and is a positive move, but adds that there needs to be “a lot more knowledge in smaller companies, including startups.”

“One of the issues with startups is that when they’re going through all the formalities new businesses go through, there’s no data protection hook at that stage,” Dixon said.

In a world where it’s already difficult enough to start a business, why make potential entrepreneurs shuffle through tax codes, business licenses, and now data laws before big government deems them worthy enough to trade goods or services?

Meanwhile, after two decades of working toward solutions to the problem of email spam, government just caused the worst flurry in years – by mandate.