The upcoming enactment of the new European General Data Protection Regulation (GDPR) will effect global change in the way organizations collect, process and store private data for all EU citizens. If you’ve been living under a rock, it’s time to come out and assess your readiness for the new EU regulations, which govern privacy, extend individual control over personal data, and clarify and enforce certain security and control measures meant to protect data and ensure transparency in the use of personal data for all EU citizens.
According to Gartner research director Bart Willemsen, "The GDPR will affect not only EU-based organizations, but many data controllers and processors outside the EU as well. Threats of hefty fines, as well as the increasingly empowered position of individual data subjects, tilt the business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data." Penalties for noncompliance are significant, and experts predict a wave of potential bankruptcies and crippling penalties for companies that are unprepared for the effects of the new regulations or underestimate how seriously GDPR will affect their business.
Who specifically will be affected by the GDPR? Hopefully you aren’t surprised to learn that the regulation applies to any organization that holds or processes data of EU citizens, regardless of where the organization is headquartered globally. If goods and/or services (paid or unpaid) are offered to citizens of the EU, full compliance with GDPR is non-negotiable.