The long awaited General Data Protection Regulation (EU) n° 2016/679 ("GDPR") has been finally published on 4 May 2016 and will be applicable as from 25 May 2018. Two years until the entry into force may seem a long period, but it is not if one considers the immense compliance gap most undertakings or organisations that are personal data controllers and processors must close in the meanwhile. Indeed, the GDPR will, among other things, need a thorough review of business processes in order to assure the mapping of all relevant personal data processing activities and flows within an organisation, as well as the review of the data controller's general terms and conditions, consent and privacy disclaimer language and data processing agreements.