The European Union’s General Data Protection Regulation (GDPR), which begins enforcement on May 25, 2018, is about giving individuals control over their personally identifiable information that is stored, processed and shared by companies, as well as making companies responsible to adequately protect personal data from theft and misuse. But if you think that just because your company doesn’t have offices in the E.U. it doesn’t need to be concerned with GDPR, think again. GDPR applies to every organization that stores, processes or otherwise uses data relating to E.U. citizens, and there are stiff penalties for non-compliance that can be as high as 4 million Euros or 4% of revenue, whichever is higher.