Last month, the UK’s data privacy regulator, the Information Commissioner’s Office, released a guide with twelve steps that companies can take now to prepare for the new EU General Data Protection Regulation (GDPR).  The guidance emphasizes that although companies’ current compliance with data privacy laws are a good starting point, the GDPR will require changes because of some new requirements.  The ICO has stressed the importance of preparation, as violators of the new law can face maximum fines as high as 4% of global annual revenue or €20 million for breaches of the GDPR.  The EU Council and European Parliament agreed to proposed language for the GDPR in December 2015, and the GDPR is expected to be formally approved in mid-2016, after which there will be a two-year transition period before it takes effect in 2018.