General Data Protection Regulation (2016/679) (GDPR) represents one of the most significant changes in the existing data protection framework in place across the European Union (EU). Its territorial scope is extremely broad and many companies based outside the EU that are processing personal data about individuals based in the EU need to comply with its provisions. The new and complex risk-based framework imposes onerous accountability requirements on data controllers and data processors, and brings in new types of data such as genetic, pseudonymous, and biometric data. It is imperative that firms clearly and comprehensively understand the new framework, and also understand what changes are needed internally in order to be GDPR compliant. This project expertly guided through the legal, technological, and operational framework, provided real and unique strategic perspectives, guided on data protection compliance technology tools and software and third party data service providers.