Following four years of discussions, on May 4, 2016, the Official Journal of the European Union published the EU General Data Protection Regulation (“GDPR”). The GDPR, which will enter into force on May 24, 2016, will replace the data protection directive, Directive 95/46/EC, from 1995. Companies will then have until May 25, 2018, when the GDPR takes effect, to take all the steps necessary to ensure compliance with the new 260-page data protection law, containing 99 Articles, and 173 Recitals. While companies might believe the two year grace period is a long one, they should not postpone taking preparatory steps. The scope of the changes is substantial and companies would be well-advised to start preparing for them now.