This is the second post in a series about achieving GDPR compliance with YugabyteDB, a distributed SQL database. The EU's General Data Protection Regulation (GDPR) requires organizations to protect the personal data and privacy of EU citizens. Organizations can meet that requirement by building a sustainable GDPR process that focuses on central principles or best practices. They should break down GDPR requirements into data protection principle "buckets" and assess their own compliance before building out their IT systems and governance framework.

Responsibility for maintaining GDPR compliance falls within the organization's C-Suite, particularly a Chief Data Officer, CISO, CTO, and/or CIO. Failing to maintain compliance can result in fines of up to €20M or 4% of the organization's worldwide annual revenue from the prior fiscal year. Reaching GDPR compliance also has benefits, such as recognizing privacy as a fundamental human right and encouraging organizational privacy hygiene.

YugabyteDB enables its customers to comply with GDPR requirements by providing features like geo-partitioning, replication, TLS encryption, and column-level security. The database has helped companies like Narvar serve the biggest names in ecommerce while staying GDPR compliant.