The implementation of General Data Protection Regulation (GDPR) in May 2018 has caused many discussions about compliance and its effect on the web. In this project we explore if the commencement of GDPR had an effect on the presence of third-parties on sites with EU/EEA origin. The data for analysis are collected in period between February 2018 and June 2020 with total of 59 successful harvests. In each harvest 12 778 sites are visited, with 10 089 having the EU/EEA origin. We analysed the development of TPs, HTTP responses, and status of visited sites and found that there was an initial small drop in the number of TPs after the GDPR commencement followed by the slow gradual decrease over harvests. Due to the data-harvesting methodology where the same set of sites is visited every harvest, we observe that in every harvest fewer sites return 200 – OK HTTP response status. This, in combination with the lack of strong evidence in favour of GDPR, leads to a conclusion that we cannot attribute the decrease in number of TPs to the commencement of GDPR. Secondly, we analyse the purpose and maliciousness of TPs.