Eight Ways the GDPR Could Impact Most Organizations

Information Management


In this article, John Eustice discusses the EU's General Data Protection Regulation (GDPR), particularly how companies can identify the key areas of change between the GDPR and the aged 1995 EU Data Protection Directive that it will replace in May 2018. The GDPR was enacted to "harmonize data privacy and security laws across Europe, protect and empower the privacy of all EU citizens, and ensure that organizations across the EU approach data privacy and security in the same manner," Eustice wrote. "Overall, while the GDPR is not a drastic overhaul of data protection regulations in the European Union, it is an expansion of prior efforts to protect the data privacy rights of EU citizens that is designed to gain the attention of high-level executives and spur change at companies lagging behind in this area." The GDPR has significant teeth: it empowers EU Data Protection Authorities to impose fines for significant breaches of up to four percent of a company's annual worldwide turnover or 20 million euros, whichever is higher. At this point, demonstrating good-faith efforts toward compliance is the wisest course of action for every organization doing business in the EU.