The European Union’s General Data Protection Regulation (GDPR) overhauls EU data privacy regulation in ways that could have profound implications for many organizations in the EU and around the world. The GDPR will apply to companies that have a presence in the EU – either because they have a physical presence there, they sell to consumers in the EU, or they monitor consumer activities in the EU.
If you collect data on citizens in the EU, whether that be customers, employees, or suppliers, you likely will be subject to the new regulations even if you are not physically located in the EU. The GDPR provides citizens of the EU and European Economic Area (EEA) with greater control over their personal data, including a “right to be forgotten,” and imposes a number of obligations on “data controllers” and “data processors” to ensure that citizens’ information is used properly and stored securely. And to demonstrate their seriousness of purpose, policymakers attached the possibility of significant fines – up to 4% of annual global revenue or 20 million euros, whichever is greater – for failure to comply with GDPR.
With a looming compliance date of May 25, 2018, the time is now to begin raising awareness of and sensitizing appropriate personnel to the challenges – and opportunities – presented by GDPR. Compliance will require active participation and contribution across almost every aspect of your business, including legal & compliance, security & IT, and sales & marketing.