Many organizations worldwide have begun preparing for the General Data Protection Regulation (GDPR), a set of rules created by European lawmakers to enhance data protection and privacy for individuals within the European Union (EU).

GDPR enforcement is scheduled to begin in May 2018, and the penalties for non-compliance are steep—as much as 4 percent of the violating company’s global annual revenue, depending on the nature of the offense Clearly, GDPR compliance is becoming a priority for many organizations—including those headquartered outside the European Union. A 2017 PwC survey of 200 security, IT, and business executives from U.S. companies showed that 92 percent considered GDPR compliance to be a top business priority for their data-privacy and security efforts this year.

Companies are prepared to invest in compliance efforts. The PwC study shows that 77percent plan to allocate $1 million or more to GDPR readiness and compliance efforts; 68 percent said they will spend between $1– $10 million, and 9 percent are expected to spend more than $10 million.