In this article we highlight the implications for parties, counsel, arbitral institutions and third party providers and consider how to best deal with GDPR compliance including assessing if consent is necessary, obtaining consent when and if needed, gathering documents, rights of access, denial and deletion, and transfer of personal data outside the EU.