The European Union’s General Data Protection Regulation (GDPR) takes effect May 25, 2018. The GDPR will affect companies all over the world, regardless of whether they are located in the EU. Many U.S.-based companies are surprised to find they must also comply or risk facing large fines. If these regulations apply to your company now, or may in the future, you can’t afford to wait. If your company is affected, are you ready?

So the GDPR applies to your company. What does this mean?

First, you’ll need to create a compliance program to protect yourself in the event of a data breach or other violations. Penalties for violating the GDPR include fines up to the greater of €20 million or 4 percent of your company’s annual worldwide revenue. For basics about the regulations, check out Dykema’s GDPR Issues Brief.