Passage of the EU’s General Data Protection Regulation (GDPR) and a series of recent high-profile data misuse scandals have thrust the data collection, data sharing, and privacy policies of companies into the spotlight. Companies are under significant pressure to prioritize data privacy, security, and compliance, and failure to do so could result in reputational harm or loss of shareholder value, as well as class action lawsuits and enforcement by US and foreign regulators. Boards must understand their companies’ data privacy risks, the effectiveness of their data privacy strategies, and whether their existing policies and anticipated future policies are in sync with emerging global privacy regulations. This panel will address best practices for boards that are struggling with GDPR compliance as well as increased demands for data privacy protections and transparency.