The document discusses the key changes brought about by the General Data Protection Regulation (GDPR) and outlines an audit program to assess compliance. It introduces 9 key changes under GDPR including increased accountability, data subject rights, and heavier fines. It then explains aspects of a GDPR compliance audit such as evaluating data protection impact assessments, comparing the roles of data protection officers and chief information security officers, defining lines of defense, and assessing 5 areas of focus including privacy management, data management, data security, third party agreements, and incident management.