The document discusses the General Data Protection Regulation (GDPR) which takes effect in May 2018. It defines personal data and the rights of data subjects. Companies that collect or process personal data of EU citizens must comply with GDPR rules around obtaining consent, providing access/updates/deletions to data, and protecting personal data. The document recommends companies take an action plan to review their data collection and storage practices, put security measures in place, and prepare to respect individuals' rights to their personal data.