The European Union's new General Data Protection Regulation (GDPR) takes effect on May 25, 2018, aiming to harmonize data privacy laws across EU member states and protect the personal data of EU residents. Any organization that stores or processes EU personal data, regardless of location, must comply with the GDPR. The GDPR requires organizations to be accountable, maintain relevant documentation, limit data storage to necessary purposes only, notify breaches within 72 hours, and respect individuals' rights to access and delete their personal data. Consulting firm dcVAST offers GDPR compliance services including assessing an organization's maturity, mapping and classifying unstructured personal data, and protecting or deleting data as needed.