With the recent enactment of the European Unions (EU) General Data Protection Regulation (GDPR), many companies are wondering if and how the new laws affect their businesses. Any company that does business within the EU is subject to the GDPR. Data controllers direct the collection, use, storage, disclosure, retention, and deletion of personal data, which is information relating to an identified or individual person. Companies must have a lawful basis for processing personal data and must implement safeguards to facilitate compliance with the GDPRs requirements. They must also document data processing activities and be prepared to comply with the regulations grant of certain rights to EU residents. Businesses are advised to prepare by identifying their governance structure, documenting privacy and data security efforts and getting expert help, among other safeguarding steps.