Employers located in the European Union (EU), or with staff there, will need to comply with a new data protection law that will replace the Data Protection Directive 95/46/EC. Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data will become effective May 25, 2018. The regulation is commonly referred to as the General Data Protection Regulation (GDPR), and its original purpose was to introduce a single legal framework applicable across all EU member states. Employers who wish to avoid noncompliance should first consider whether the GDPR applies to their organization. Conducting an audit and gap analysis will provide a starting point for examining current data processing practices. Other steps include electing a Data Protection Officer (DPO); reviewing existing terms with third-party processors; updating existing privacy notices and policies; and conducting staff training.