Companies that market themselves through email – practically every company in the world, that is – are scrambling to become compliant with a new European law that could cause major legal actions.

The General Data Protection Regulation (known by the acronym GDPR) is a new European law that takes effect on Friday, May 25. Consumers have already noticed a flood of updated email requests from companies that have them on their mailing lists, and more such notices are to come.

From Facebook through Google to the largest entertainment conglomerates, updates to privacy policies are being sent. And even though many companies may not have a presence in Europe, they still are taking no chances.

The GDPR restricts how companies obtain and handle online data and information. Most prominent is the European Union rule called “The Right To Be Forgotten,” which allows consumers to ask that their information be taken down and/or eliminated from databases. The law also requires businesses to be clearer on how data is handled.

If companies do not comply, they face substantial fines, and many litigious actors are rumored to be waiting in the wings for the new rules to go into effect.

Other countries have taken notice on the EU rules and are preparing similar privacy laws. Japan, South Korea and Brazil are crafting laws, and others – including the US and Canada – are watching closely.

One thorny issue is how blockchain companies – which use information stored on immutable ledgers – can deal with the new privacy restrictions. Some tech companies are already complaining that the new laws may stifle innovation and restrict growth.