Recently, I asked a nonprofit executive how his organization planned to comply with the new General Data Protection Regulation (GDPR) that will go into effect in the European Union this spring. I expected him to rattle off a loose outline of steps that his IT team is taking to prepare for the GDPR guidelines. Instead,…