With the General Data Protection Regulation looming, many companies and their in-house counsel are gearing up to adhere to the European Union’s demanding new data privacy protections, which go into effect in May.

From 72-hour breach notification windows to the “right to be forgotten,” there’s no question that a lot has to be done to avoid massive potential fines that come with noncompliance. But for all the work, the GDPR presents an opportunity for companies to really scrutinize the way they are handling data, according to David Blonder, director, legal counsel for regulatory and privacy at BlackBerry Ltd.