The General Data Protection Regulation (GDPR) ensures that data subjects have greater control over their personal information, but it creates drastic changes to data privacy for anyone who is in the European Union and for any company that retains EU customer data. With a deadline set for May 2018, United States-based multinational enterprises doing business in the EU can prepare for the GDPR with a few simple steps. Begin by determining if you are a controller or processor, audit data, and work with a legal team to determine which EU member state will be your supervisory authority. Appoint a Data Protection Officer if necessary and redesign existing consent and disclosure for customers.