In a short two months, the European Union’s General Data Protection Regulation will take effect. The deadline for compliance is May 25, 2018. The GDPR significantly expands the jurisdiction of the EU’s data privacy framework to companies processing or controlling the personal data of employees or other individuals residing in the EU – regardless of the company’s location. The GDPR covers companies if it falls under one of the following tests: ‘establishment,” “goods and services” or “monitoring.” Among other heightened requirements and obligations, if a company is covered under the GDPR, it will be subject to stricter rules on obtaining employee consent to process and share personal data; it may have to appoint a data protection officer; and its employees will have greater rights with respect to access and control of their personal data.