The European Union’s new rules on data protection and privacy — called the General Data Protection Regulation or GDPR — that take effect on May 25 promise to bring EU residents stronger protection of their personal information. U.S. residents would also get those protections from companies that have EU operations and extend their compliance with the new rules globally. But gray areas persist on how regulators may define such things as data breaches or confidentiality as well as determine how the new rules are to be implemented, according to experts. GDPR rules impose strong restrictions on how businesses and governments could store, process, use, and monetize their personal information, and for how long they could retain such data. People would also have access to their personal data stored by other entities, and opt in or opt out of those databases. Another requirement is “privacy by design,” which means protections have to be integrated into the technology design of products and services.…