The General Data Protection Regulation (GDPR), which comes into effect on May 25th, allows any E.U. citizen to know if a company is holding their personal data, see that data, and then request to have it deleted. The law will apply to any business that holds information on an E.U. citizen, regardless of where it is located. Any kind of information recorded by a gallery or art world business—from the personal tastes of a collector, to the events they’ve attended, to their dietary restrictions—would be subject to the rule, the Financial Times reported. While certain information, like who owned a work as part of its provenance, can be kept indefinitely, other personal data will have to be deleted in a timely manner, as there are stiff fines for noncompliance. But the regulation doesn’t govern intangible details of the intricate personal relationships that define the art world—that is, so long as the most gossipy tidbits, such as who is blacklisted from buying a work, aren’t written in a spreadsheet.