The document discusses where organizations should be in preparing for the General Data Protection Regulation (GDPR) which takes effect in May 2018. It raises questions that organizations should consider such as engaging stakeholders to fund compliance, understanding the data being stored and its purposes, ensuring all breaches can be detected and reported, clarifying accountability, and maintaining momentum through and beyond the 2018 deadline. The document emphasizes that organizations need to understand their data, have accountable processes, and view GDPR as an opportunity to improve customer relationships and trust through appropriate data management.