This chapter focuses on the potential impact of the agreed text of the General Data Protection Regulation (GDPR). A number of changes in the GDPR will impact the smart city and its component parts. The provision for enhanced data subject rights, for example, raises questions of feasibility in the smart city context. Among the additional rights are an express right to be forgotten and data portability. The decision to explicitly acknowledge within the text of the legislation a new category of pseudonymised data is representative of the search for compromise that is characteristic of this area of law. The construal of anonymisation and pseudonymisation has been a major area of divergence under the Data Protection Directive. The decision of the European Union to persist with the category of personal data and to endorse pseudonymisation as an important technological solution indicates an unwillingness to forgo the existing model.