Yes, organizations should review and analyze the impact of GDPR on their risk profile. The potential fines imposed under GDPR, audits that may be performed by regulators, and the new breach notification obligations will greatly expand the potential financial exposure of organizations faced with GDPR compliance. Organizations should ensure these exposures are properly addressed in their current risk management portfolios.