The new EU data protection framework, called the General Data Protection Regulation (GDPR), will take effect in May 2018. These new laws will significantly impact any companies doing business in Europe, even those without a physical EU presence (e.g. U.S. companies targeting Europe). If you have a website, use customer or staff data or engage in almost any form of marketing you will likely be caught. The new very high fine levels for breaches and the need to be able to prove compliance mean companies, regardless of size, must take steps now to prepare.