With GDPR coming into effect on May 25, 2018, any organization handling EU citizens’ personal data should be prepared to comply with stricter privacy regulations or be ready to pay fines of up to four percent of its global annual revenue or €20,000,000. This is a substantial penalty for non-compliant companies, and it does not apply only to companies based in Europe; it applies to ALL companies globally that do business in the EU. With just months remaining, the clock is ticking for companies to become compliant. Let’s explore what GDPR covers and how it may impact your organization, answering questions such as: Do I need to have a DPO? I don’t do business directly in the EU, so when does GDPR affect me? What data is affected? While vendors have pushed a compliance theme, we will cover why GDPR is not about compliance but about changing key processes and procedures such as incident response.