While nobody knows exactly where and when the next data privacy regulation will go into effect, one thing is for certain: it’s coming. Europe’s General Data Protection Regulation, better known as GDPR, is just the beginning of a global push to ensure better oversight of personal data usage by companies.

A recent ZDNet article warned that enterprises need to be ready for what’s next, especially when it comes to customers. It’s not a secret: The next data privacy regulation is on the horizon, whether in the U.S. or another part of the world, at the federal or the local level. In fact, the U.S. state of California has already passed its own data protection law, and Australia and Canada are updating existing laws.

According to the article, the impending regulation presents companies with an opportunity to build on all the hard work done for GDPR by looking back, seeing what’s working, and making necessary adjustments. This includes evaluating and updating the current controls that are in place for data protection, including firewalls, encryption, and policies.

ZDNet also suggests that companies should take on new and more granular approaches to data classification. While GDPR served as a great way for companies to look at how they collect and use data, the next step is to better classify all data types across the company. Additionally, the latest set of tools available to assist in data management and analytics allow for companies to take on vastly larger amounts of data from more and more data sources.

But some companies’ data privacy efforts don’t stop there.

According to a recent Entrepreneur article, companies like Xerox are taking data management to the next level. The company recently set up an “Office of Compliance” that aims to “create a positive corporate compliance culture by helping employees do diligent work, and ensuring that senior leaders and all members of management send consistent messages.” The office also reviews company policies constantly to verify that they meet regulatory and legal requirements.

Are you ready for the next GDPR? There’s no better time to evaluate data privacy and protection at your company.