What is GDPR?
Starting May 25, 2018, organisations that collect and store data on citizens in European Union (EU) countries must begin complying with strict new rules around protecting customer data. The General Data Protection Regulation (GDPR) applies to all organisations – regardless of their location – if they’re processing or storing personal data of EU data subjects.
Here are some quick facts about GDPR:
Objective:
Give individuals control of personal data
Regulatory consistency across the EU
Impact:
Covers personal data collected in the EU, regardless of the location of the collector
Applies to US-based companies doing business in the EU
Fines are significant – up to 4% of global revenue
Rights of PII owners:
To be informed
To have access
To correct
To erase
To restrict processing
To have portability
To object
Biggest concerns for organisations about GDPR*:
21% – high penalties lead to workforce reduction
19% – negative media causes loss of customers
18% – high penalties lead to end of business
12% – negative media reduces brand value
8% – shareholder lawsuits
8% – loss of market share
*(Source: Veritas poll, 2017)