This thesis discusses the General Data Protection Regulation (GDPR) and its impact on individuals since the GDPR became effective in May 2018. The regulation has had significant implications for companies and organizations that handle user data as it provides fines if they are non-compliance. However, the GDPR was created to protect individuals' privacy and personal data in the European Union (EU), which has added many complexities to companies and individuals. This study aims to provide an experiment with individuals in Sweden to document their knowledge of the regulations and their ability to exercise the rights granted and to know their opinions through interviews with 19 samples of individuals. The research deals with the third chapter more than other chapters of the GDPR. The results revealed a lack of awareness among the participants, with only a small percentage having prior knowledge of the GDPR and lacking a clear understanding of the implications and practical implementation of these rights, despite the participants' enthusiasm when explaining the rights to them. Participants acknowledged the importance of their data and assessed the provisions of the GDPR. They emphasized rights such as access, rectification, and erasure as necessary to protect privacy. After obtaining nearly complete knowledge, the participants could exercise and find the GDPR rights entirely on Swedish sites, except those who were able to find the rights with only a little knowledge. The study highlights the need to enhance individuals' awareness of the GDPR and improve transparency and accessibility of privacy policies.