Data architecture redesign to implement GDPR-required data minimization, purpose limitation, and storage limitation - Implementation of consent management platforms for EU data subjects - Development of data portability capabilities (Article 20) - Establishment of data processing records (Article 30