On 2018 May 25, Europe’s General Data Protection Regulation (GDPR) will start being enforced. The GDPR defines strict rules on how personal data should be handled. But there is a lot of fear and controversy about the GDPR from people worldwide. With the controversial concepts, the compliance overhead and hefty multi-million fines, is it a good idea for non-EU companies to simply ban all EU visitors from accessing their websites?