While the May 25 deadline for GDPR has passed, not being fully compliant may still have consequences. The regulators may give credit for efforts made, but customers may be more critical. Companies with EU operations or customers in the EU are generally bound by GDPR regulations. Even US-based companies that don't have EU operations can face scrutiny if they knowingly serve EU customers. Ensuring vendors processing EU personal data comply with GDPR is also crucial, which can be achieved through signing a Data Protection Addendum. Understanding and implementing these measures is essential to protect against potential issues.