Thirteen Essential Steps for Meeting the Security Challenges of GDPR

Preparing your information security program

Published January 2018

In May 2018, when the EU General Data Protection Regulation (GDPR) becomes enforceable, every multinational business offering products or services to EU residents will be required to adhere to a strict set of data privacy and security measures. These requirements will apply equally to your operations and to those of your business partners. They call for the use of emerging technologies and systems-design concepts that may be new to many information security professionals.

To help you address the challenges of GDPR compliance, this paper is divided into five sections:
• A brief overview of the GDPR
• Why the Regulation should be important to information security professionals
• 13 essential steps you should take to help ensure GDPR compliance
• A glossary outlining key concepts of the Regulation
• A summary of information security considerations posed by the EU Data Protection Directive 95/46/EC and the GDPR