Once in force, the European Union General Data Protection Regulation (GDPR) will require every multinational company that offers products or services to European Union residents to adhere to a strict set of data privacy and security measures.

IT leaders in many multinational companies have recognized the need to begin the process of making changes to their information infrastructure in order to meet the many requirements of the Regulation.

This document was envisioned to assist information security professionals in prioritizing changes and additions to their information security programs.