You may have heard of the General Data Protection Regulation. It may sound boring, but it's really important and CNBC has a guide to help you understand it. It's a piece of European Union legislation that could have a far-reaching impact on some of the world's biggest technology companies, including Facebook and Google. So here's your guide to the GDPR.

What is GDPR?

GDPR is a piece of legislation that was approved in April 2016. European authorities have given companies two years to comply and it came into force Friday. It replaces a previous law called the Data Protection Directive and is aimed at harmonizing rules across the 28-nation EU bloc. The aim is to give consumers control of their personal data collected by companies. Not only will it affect organizations located within the EU, but it will also apply to companies outside of the region if they offer goods or services to, or monitor the behavior of, people in the bloc. This is why GDPR could have a far-reaching impact.

What are the key policies?

A major focus of GDPR is strengthened conditions of consent. So companies will not be able to use vague or confusing statements to get you to agree to give them data. Firms won't be able to bundle consent for different things together either. "If you have a page of different consent, and saying by clicking here you consent to lots of things, that will be wrong. You need to be able to apply that consent individually," Harry Small, a partner at law firm Baker & McKenzie, told CNBC by phone. Consent must also be easy to withdraw. For children under 16, a person holding "parental responsibility" must opt in to data collection on their behalf.

Another rule will make it mandatory for companies to notify their data protection authority about a data breach within 72 hours of first becoming aware of it. The processor of the data will need to notify customers "without undue delay" after learning of the breach, according to an EU document.

When it comes to user data, consumers will have more control. You will be able to access the personal data being stored by companies and find out where and for what purpose it is being used. You will also have the right to be forgotten. This means you can ask whoever is controlling your data to erase it and potentially stop third parties processing it. Another provision allows people to take their data and transfer it to a different service provider.

Are there punishments for breaking the rules?

Yes, and potentially big ones. An organization in breach of GDPR laws will be fined up to 4 percent of annual global turnover or 20 million euros ($24.6 million), whichever is bigger. Some of the biggest technology companies are making billions in turnover every year so this could be a big hit if they were to breach any rules.

What will the impact be on firms?

Big organizations have had two years to get ready for GDPR. The big technology firms that have huge user bases and handle massive amounts of data have spoken about what they are doing. Facebook recently released some new privacy tools that will help it comply with GDPR. Other big technology companies have also released their plans.