Today is the day: GDPR is here for good.

Friday, May 25, marks the official start of the European Union's General Data Protection Regulation (GDPR) -- a sweeping legal framework that offers expanded privacy protection for European citizens, as well as stiff penalties for those businesses that violate these new laws.

While two years in the making, enterprises will now have to confront these new rules head-on, while preparing for more changes to come. GDPR is expected to serve as a blueprint for other countries, most notably China, which are also considering new privacy protections for their own citizens.

(Source: Flickr)\r\n\r\n

For the past several months, businesses of all sizes have struggled to prepare for today, updating their IT to meet with new compliance and data governance rules, but it's clear that many are not ready for what's ahead.

Steve Durbin, the managing director of the non-profit Information Security Forum, believes that most enterprises have adopted a "defensive position" in the weeks leading up to the GDPR deadline. This includes subject access requests, impact assessments and policies that cover collecting data from employees, customers and third parties.

Still, there's more to do.

"Businesses should be able to at this point demonstrate implementing at least the spirit of the regulations around things like transparency, purpose and lawfulness, but then you have to get to the stage where you ask, 'Where do we go from here?' " Durbin said in an interview with Security Now. "If you do an assessment and find you are in good shape, you can go to phase two and starting next week, you can start implementing this across the business."

To help our readers prepare for GDPR and all that it entails, Security Now has published numerous stories over the past six months to help security and IT pros, as well as the enterprises that they work for, gain a better of understanding of what these new rules mean and how it will affect their jobs both now and in the future.

Over these months, Security Now has published stories on how network firewalls can help with GDPR, what larger tech giants such as Microsoft and IBM are doing to prepare as well as tips to ensure your website is compliant.

Here's our complete list of stories that can serve as your guide to GDPR on this first day:

GDPR & Tech

• GDPR Should Change Your Thinking About Network Firewalls
• GDPR, AI & a New Age of Consent for Enterprises
• 4 Steps to Make Your Website GDPR Compliant
• GDPR: Your Enterprise Security Checklist
• GDPR, Cloud Changing Security Pros' Priorities – Report
• GDPR Readiness Goes Beyond Security Controls
• GDPR Blackmail Looms as a Double-Dip Cyber Attack Plan

GDPR & People

• GDPR Compliance: Enterprises Have Two Options to Consider
• GDPR: The New Price We Pay for Data Privacy
• Unknown Document 742638
• Unknown Document 740840

GDPR & Policy

• Microsoft Offering GDPR-Like Protection for All Customers
• GDPR Is Driving Businesses to Revamp Privacy & Security Policies
• GDPR Non-Compliance: Will Your Enterprise Get Busted?
• EU's NIS Directive Compounding GDPR Burdens & Confusion
• GDPR Territorial Scope: Location, Location, Location?

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.