The EU General Data Protection Regulation (GDPR) was adopted in April 2016 and will enter into force in mid-2018. The GDPR, which is intended to create a single law on data protection across the EU, will have a significant impact on European companies and, importantly, also on businesses outside of Europe, such as in the U.S., that collect data on Europeans through offering goods or services to them or monitoring them. This is particularly important given the significant fines being introduced by the GDPR for non-compliance of up to 4% of annual worldwide turnover (gross revenue). Companies should now seriously consider the impact of the GDPR by carrying out an internal gap analysis of current data protection practices as compared to new requirements and rights under the GDPR. Below is a summary of some of the key provisions in the GDPR that need to be considered as part of the gap analysis together with some practical steps for implementation.