The General Data Protection Regulation (GDPR) affects not only European companies but also most organizations outside the European Union (EU) that collect personal data from people in the EU.
One of the goals of the GDPR, which went into effect May 25, 2018, is to provide people in the EU with more control over their personal data. The GDPR is nearly 100 pages and comes with a long list of requirements. For example, under certain circumstances, people in the EU can request that an organization provide a copy of the personal data it has about them. Similarly, people in the EU can request that the organization delete their personal data. The GDPR also requires that data breaches be reported to a supervisory authority within 72 hours of when the organization becomes “aware” of the breach.
Failure to comply with the GDPR could result in an organization being fined as much as 4 percent of its annual revenue.
As a result, organizations with exposure to the GDPR have launched GDPR-readiness programs to assess their exposure, develop a road map to enhance privacy notices, update existing procedures, or introduce new procedures.