The new law requires companies to be transparent about how your data is handled, and to get your permission before starting to use it. It raises the legal bar that businesses must clear to target ads based on personal information like your relationship status, job or education, or your use of websites and apps.

That means online advertising in Europe could become broader, returning to styles more akin to magazines and television, where marketers have a less detailed sense of the audience.

Some of the tools companies develop to comply with the G.D.P.R. might be made available to users whether they live in Europe or not. Facebook, for example, announced in April that it would offer the privacy controls required under the new law to all users, not just Europeans.

What are your rights?

Even if you don’t notice big changes, the new law provides important privacy rights worth knowing about.

For instance, you can ask companies what information they hold about you, and then request that it be deleted. This applies not just to tech companies, but also to banks, retailers, grocery stores or any other organization storing your information. You can even ask your employer.

[Read more about how to parse the flood of G.D.P.R.-related privacy notices in your inbox.]

And if you suspect your information is being misused or collected unnecessarily, you can complain to your national data protection regulator, which must investigate.

Of course, an individual going up against a giant corporation like Google or Facebook isn’t in a fair fight. The law has 11 chapters and 99 sub-articles, and just initiating a case can take as many as 20 steps, according to the International Association of Privacy Professionals, an industry trade group.