The General Data Protection Regulation (GDPR) comes with a deadline of 25 May 2018 and studies show that a good fraction of eligible companies has not implemented it yet. This EU standard requires enterprises to protect the information of customers from EU regions. It means that even if a company is not in the EU, but conducts business with customers who are, it has to meet the set requirements. The GDPR aims at improving the level of security that companies provide for consumer data. Security policies must also apply to the transfer of data outside EU states.