In late January, the European Commission issued a communication to the European Parliament and the Council (the Communication) on the direct application of the European Union (EU) General Data Protection Regulation (GDPR), which serves several purposes. First, it recounts novel elements of the GDPR that create stronger protections for individuals and new opportunities for organizations. Second, it reviews preparatory work undertaken to date for GDPR implementation and, finally, it outlines measures the European Commission intends to take up until May 25, 2018. The Commission will continue working with EU Member States and will monitor how they apply the new rules.