Privacy regulations in the European Union (EU) have long been considered some of the world’s toughest, and those laws are now becoming more stringent—even for U.S. organizations. The EU’s General Data Protection Regulation (GDPR), adopted in April 2016, requires all organizations that hold, transmit or process EU resident data to comply with the law—regardless of whether they actually operate in the EU.