According to the International Standards Organization, in 2016 more than 33,000 organizations globally held certification to the ISO 27001 standard, which relates to information security management systems and security controls. That same year, the European Union’s General Data Protection Regulation was finalized, launching a two-year scramble for compliance by May 25, 2018, for companies of all sizes around the world. Noting the significant common ground between the GDPR and ISO 27001 requirements, the IAPP and OneTrust have endeavored to map these two risk-focused documents to each other, demonstrating the overlap in both principles and requirements as part of a significant new piece of research.