In today's data-driven society, corporate and non-profit organizations alike rely on the collection and processing of user data in ever-evolving ways. Employees working in these organizations share a duty to protect the rights of individuals' personal data, which includes complying with the EU General Data Protection Regulation (GDPR). This course outlines the purpose and principles of this regulation. It explains obligations of controllers and processors under the GDPR, and discusses the rights of data subjects. The course also covers measures employees can take to support their organizations' compliance with the GDPR. This course was developed with subject matter support provided by The Potomac Law Group, PLLC. Please note, however, that the course materials and content are for informational purposes only and do not constitute legal advice and may or may not reflect the most current legal developments. Nothing herein, or in the course materials, shall be construed as professional advice as to any particular situation or constitute a legal opinion with respect to compliance with legal statutes or statutory instruments. Transmission of the information is not intended to create, and receipt does not constitute, an attorney-client relationship. Readers should not act upon this information without seeking independent legal advice.