The General Data Protection Regulation promises the biggest shake up to European privacy laws for 20 years. It will apply in all Member States from 25 May 2018. The changes needed to comply with the Regulation are significant and the two year implementation period is likely to go quickly. You should start to prepare for them now. It is likely you will need a compliance programme to manage these changes, but don’t just focus on the narrow requirements of the Regulation. Use this as an opportunity to improve the way you handle personal information. In other words, look up from the maze of articles and recitals and think about your customers, employees and other individuals. They will expect a lot more of you in a post-Regulation world.