Few regulatory shifts have struck fear into the hearts of data-driven businesses quite like the General Data Protection Regulation (GDPR). The data privacy regulation, adopted in April 2016 and set to take effect May 25, 2018, sets forth a set of rules that would enable European Union (EU) residents to recover and erase their personal data held by private business. The fines set forth by the regulation for noncompliance, the greater of $20 million or 4 percent of an organization’s annual revenue, are substantial to say the least.

GDPR isn’t the only major shift on the mind of risk and compliance analysts in 2018. The anticipated withdrawal of the U.K. from the EU, or Brexit, in August will likely introduce a whole other set of complicating factors for contracts going to and from U.K.-based companies.