The General Data Protection Regulation (“GDPR”) is a European Union (“EU”) law, but it’s going to have a big impact on American businesses that collect and process personal data of EU individuals. While American companies may be familiar with its predecessor, the Data Protection Directive through the Privacy Shield and Model Clause programs, the GDPR has several new requirements for how data must be handled. It also creates new rights for EU individuals (also known as “data subjects” under the GDPR) that organizations must be ready to address. The GDPR is already in effect and enforcement will begin on May 25, 2018, so there’s still time to get up to speed on its requirements and ensure your enterprise is compliant. Please note that this blog post does not constitute legal advice, and we’re providing it for informational purposes only. For legal advice, be sure to work with your organization’s own.