After a busy year of an increasing number of data breaches and threats to personal data across the globe, a major data privacy protection reform effort from the European Union (EU) is barreling down the pipeline. It’s an important step forward for consumers’ rights and safety; however, companies around the globe now have the challenge of getting protective systems in place and must re-evaluate how they manage personal data. And the stakes for noncompliance are significant, with reform becoming standard policy in just a few short months.
What is the GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation designed to raise the overall standard of data protection while harmonizing data privacy law across Europe. It will change how a wide range of businesses collect, handle, store and protect personal information. Its official and inflexible enforcement date is 25 May 2018, just under four months away.
In addition to country-specific requirements, businesses must meet a single minimum standard across all 28 EU member states under the GDPR. That standard is significant and will likely take a large investment to meet: one PwC survey found that 68 percent of companies expect to spend between US$1 million and US$10 million on compliance.
Who does it affect?
GDPR’s expanded geographical scope is arguably the biggest change in European data privacy regulation. The new rules apply to all companies established in any of the EU’s 28 member states, and also to companies based outside the EU that process or store personal data of individuals who are in the EU, regardless of those individuals’ citizenship. Additionally, the regulation takes a wide view of what constitutes personal data, ranging from social media posts to an individual IP address.
Why is it important to you?
Noncompliance penalties for GDPR regulation are steep: up to €20 million or four percent of global annual turnover,...