The General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years and it's certainly shaking things up across the world. What's the GDPR's main purpose? To protect and provide rights to European Union data subjects (individuals whose data is being captured by organizations).
On May 25, 2018 the GDPR will go into effect, giving regulatory authorities power to take action against companies that breach the new regulations. In this digital economy, it should be no surprise that these regulations also apply to global enterprises outside the EU.
Download our eBook - GDPR Guide: 3 Steps to Readiness
Any company (EU and foreign) that processes the personal data of individuals residing in the European Union must adhere to these regulations, regardless of the company’s location. For non-EU businesses processing the data of EU citizens, this includes the requirement of appointing a representative in the EU.
So what’s the risk? If companies do not comply with these regulations, they can be fined up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. These rules apply to both controllers and processors, therefore ‘clouds’ will not be exempt from GDPR enforcement.
The infographic below shows how the largest U.S. companies would be affected by the maximum GDPR fine:
To prevent these fines and penalties, all organizations should familiarize themselves with the new requirements. Read our blog 7 Key GDPR Requirements & the Role of Data Governance to learn more about the GDPR and understand the best approach towards company-wide compliance. Click here to read.