As is widely known, the European Union General Data Protection Regulation, which replaces Directive 95/46/EC, will come into force in May 2018 and will bring relevant changes to all stakeholders: DPAs, individuals, controller and processor organizations. In order to help organizations understand the key operational impacts of the regulation and to stimulate their internal change, the Centre for Information Policy Leadership – a global privacy and security think tank that works to advance privacy and security policy, law and practice – launched a survey (respondents were both data controllers and data processors of multinational organizations with an annual revenue size ranged from less than $1 million to more than $100 billion, that predominantly operated in Europe and in the US) to evaluate their progress towards true operationalization for GDPR readiness.