Starting May 25, 2018, organisations that collect and store data on citizens in European Union (EU) countries must begin complying with strict new rules around protecting customer data. The General Data Protection Regulation (GDPR) applies to all organisations – regardless of their location – if they’re processing or storing personal data of EU data subjects.
Here are some quick facts about GDPR:
Objective:
- Give individuals control of personal data
- Regulatory consistency across the EU
Impact:
- Covers personal data collected in the EU, regardless of the location of the collector.
- Applies to US-based companies doing business in the EU
- Fines are significant – up to 4% of global revenue
Rights of PII owners:
- To be informed
- To have access
- To correct
- To erase
- To restrict processing
- To have portability
- To object
Biggest concerns for organisations about GDPR*:
- 21% – high penalties lead to workforce reduction
- 19% – negative media causes loss of customers
- 18% – high penalties lead to end of business
- 12% – negative media reduces brand value
- 8% – shareholder lawsuits
- 8% – loss of market share
*(Source, Veritas poll, 2017)
