Whether based in or outside the European Union, organizations that process the personal data of individuals located in the EU must prepare to comply with the General Data Protection Regulation (“GDPR”)—a tougher and more complicated regulatory framework.